Details of VAR-202103-0514

ID

VAR-202103-0514

CVE

CVE-2021-22310

TITLE

plural Huawei Vulnerability related to information leakage from log files in products

Trust: 0.8

sources: JVNDB: JVNDB-2021-010256

DESCRIPTION

There is an information leakage vulnerability in some huawei products. Due to the properly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause an information leak. Affected product versions include: NIP6300 versions V500R001C00,V500R001C20,V500R001C30;NIP6600 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6300 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6500 versions V500R001C00,V500R001C20,V500R001C30;Secospace USG6600 versions V500R001C00,V500R001C20,V500R001C30,V500R001C50,V500R001C60,V500R001C80;USG9500 versions V500R005C00,V500R005C10

Trust: 1.71

sources: NVD: CVE-2021-22310 // JVNDB: JVNDB-2021-010256 // VULMON: CVE-2021-22310

AFFECTED PRODUCTS

vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c80	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c50	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c00	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6500	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6300	scope:	eq	version:	v500r001c20	Trust: 1.0
vendor:	huawei	model:	nip6600	scope:	eq	version:	v500r001c30	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c60	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	eq	version:	v500r005c10	Trust: 1.0
vendor:	huawei	model:	nip6300	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	secospace usg6600	scope:	eq	version:	v500r001c00	Trust: 1.0
vendor:	huawei	model:	usg9500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6600	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6300	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	secospace usg6500	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	nip6600	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010256 // NVD: CVE-2021-22310

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22310
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22310
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202102-338
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-22310
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

nvd@nist.gov:	CVE-2021-22310
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	0.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22310
baseSeverity:	MEDIUM
baseScore:	4.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2021-010256 // CNNVD: CNNVD-202102-338 // NVD: CVE-2021-22310

PROBLEMTYPE DATA

problemtype:	CWE-532	Trust: 1.0
problemtype:	Information leakage from log files (CWE-532) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-010256 // NVD: CVE-2021-22310

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-338

TYPE

log information leak

Trust: 0.6

sources: CNNVD: CNNVD-202102-338

PATCH

title:	huawei-sa-20210203-01-plaintextlog	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en	Trust: 0.8
title:	Repair measures for multiple Huawei product information leaks	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140560	Trust: 0.6

sources: JVNDB: JVNDB-2021-010256 // CNNVD: CNNVD-202102-338

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22310	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-010256	Trust: 0.8
db:	CNNVD	id:	CNNVD-202102-338	Trust: 0.6
db:	VULMON	id:	CVE-2021-22310	Trust: 0.1

sources: VULMON: CVE-2021-22310 // JVNDB: JVNDB-2021-010256 // CNNVD: CNNVD-202102-338 // NVD: CVE-2021-22310

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22310	Trust: 1.4
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210203-01-plaintextlog-cn	Trust: 0.6
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/196182	Trust: 0.1

sources: VULMON: CVE-2021-22310 // JVNDB: JVNDB-2021-010256 // CNNVD: CNNVD-202102-338 // NVD: CVE-2021-22310

SOURCES

db:	VULMON	id:	CVE-2021-22310
db:	JVNDB	id:	JVNDB-2021-010256
db:	CNNVD	id:	CNNVD-202102-338
db:	NVD	id:	CVE-2021-22310

LAST UPDATE DATE

2024-11-23T21:51:01.138000+00:00

SOURCES UPDATE DATE

db:	VULMON	id:	CVE-2021-22310	date:	2021-03-26T00:00:00
db:	JVNDB	id:	JVNDB-2021-010256	date:	2022-06-28T06:51:00
db:	CNNVD	id:	CNNVD-202102-338	date:	2021-07-09T00:00:00
db:	NVD	id:	CVE-2021-22310	date:	2024-11-21T05:49:53.197

SOURCES RELEASE DATE

db:	VULMON	id:	CVE-2021-22310	date:	2021-03-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-010256	date:	2022-06-28T00:00:00
db:	CNNVD	id:	CNNVD-202102-338	date:	2021-02-03T00:00:00
db:	NVD	id:	CVE-2021-22310	date:	2021-03-22T19:15:11.773