Details of VAR-202201-1318

ID

VAR-202201-1318

CVE

CVE-2021-40033

TITLE

plural Huawei Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2022-004567

DESCRIPTION

There is an information exposure vulnerability on several Huawei Products. The vulnerability is due to that the software does not properly protect certain information. Successful exploit could cause information disclosure. Affected product versions include: CloudEngine 12800 V200R005C10SPC800; CloudEngine 5800 V200R005C10SPC800, V200R019C00SPC800; CloudEngine 6800 V200R005C10SPC800, V200R005C20SPC800, V200R019C00SPC800; CloudEngine 7800 V200R005C10SPC800, V200R019C00SPC800. plural Huawei There are unspecified vulnerabilities in the product.Information may be obtained. Huawei CloudEngine 12800, etc. are all products of China's Huawei (Huawei). Huawei CloudEngine 12800 is a 12800 series data center switch. Huawei Cloudengine 5800 is a 5800 series data center switch. Huawei Cloudengine 6800 is a 6800 series data center switch

Trust: 2.16

sources: NVD: CVE-2021-40033 // JVNDB: JVNDB-2022-004567 // CNVD: CNVD-2022-17396

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-17396

AFFECTED PRODUCTS

vendor:	huawei	model:	cloudengine 12800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r005c20spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r019c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 6800	scope:	eq	version:	v200r019c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r019c00spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 5800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 7800	scope:	eq	version:	v200r005c10spc800	Trust: 1.0
vendor:	huawei	model:	cloudengine 12800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 5800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 7800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine 6800	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	cloudengine v200r019c00spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c20spc800	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r019c00spc800	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r019c00spc800	scope:	eq	version:	7800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	12800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	5800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	6800	Trust: 0.6
vendor:	huawei	model:	cloudengine v200r005c10spc800	scope:	eq	version:	7800	Trust: 0.6

sources: CNVD: CNVD-2022-17396 // JVNDB: JVNDB-2022-004567 // NVD: CVE-2021-40033

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-40033
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-40033
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2022-17396
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202201-1766
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-40033
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2022-17396
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-40033
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-40033
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2022-17396 // JVNDB: JVNDB-2022-004567 // CNNVD: CNNVD-202201-1766 // NVD: CVE-2021-40033

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-004567 // NVD: CVE-2021-40033

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202201-1766

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202201-1766

PATCH

title:	huawei-sa-20220112-01-infodis	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-infodis-en	Trust: 0.8
title:	Patch for Multiple Huawei product information disclosure vulnerabilities (CNVD-2022-17396)	url:	https://www.cnvd.org.cn/patchInfo/show/323706	Trust: 0.6
title:	HuaWei Repair measures for information disclosure vulnerabilities of various products	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178963	Trust: 0.6

sources: CNVD: CNVD-2022-17396 // JVNDB: JVNDB-2022-004567 // CNNVD: CNNVD-202201-1766

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40033	Trust: 3.8
db:	JVNDB	id:	JVNDB-2022-004567	Trust: 0.8
db:	CNVD	id:	CNVD-2022-17396	Trust: 0.6
db:	CS-HELP	id:	SB2022012009	Trust: 0.6
db:	CNNVD	id:	CNNVD-202201-1766	Trust: 0.6

sources: CNVD: CNVD-2022-17396 // JVNDB: JVNDB-2022-004567 // CNNVD: CNNVD-202201-1766 // NVD: CVE-2021-40033

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-40033	Trust: 2.0
url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-infodis-en	Trust: 1.6
url:	https://www.cybersecurity-help.cz/vdb/sb2022012009	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20220112-01-infodis-cn	Trust: 0.6

sources: CNVD: CNVD-2022-17396 // JVNDB: JVNDB-2022-004567 // CNNVD: CNNVD-202201-1766 // NVD: CVE-2021-40033

CREDITS

The vulnerability was discovered by Huawei internal testing.

Trust: 0.6

sources: CNNVD: CNNVD-202201-1766

SOURCES

db:	CNVD	id:	CNVD-2022-17396
db:	JVNDB	id:	JVNDB-2022-004567
db:	CNNVD	id:	CNNVD-202201-1766
db:	NVD	id:	CVE-2021-40033

LAST UPDATE DATE

2024-11-23T22:47:32.039000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2022-17396	date:	2022-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-004567	date:	2023-04-18T08:24:00
db:	CNNVD	id:	CNNVD-202201-1766	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-40033	date:	2024-11-21T06:23:25.600

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2022-17396	date:	2022-03-08T00:00:00
db:	JVNDB	id:	JVNDB-2022-004567	date:	2023-04-18T00:00:00
db:	CNNVD	id:	CNNVD-202201-1766	date:	2022-01-19T00:00:00
db:	NVD	id:	CVE-2021-40033	date:	2022-01-31T16:15:09.923