Information Leak Vulnerability in Huawei eCNS280_TD Product
CVE-2021-22300

4.1MEDIUM

Key Information:

Vendor: Huawei
Status: Ecns280 Td
Vendor: CVE Published:; 6 February 2021

Summary

An information leak has been identified in Huawei's eCNS280_TD, specifically in versions V100R005C00 and V100R005C10. This vulnerability arises due to a missing timeout exit mechanism within a command, resulting in sensitive data being stored in temporary files. Attackers may exploit this flaw to access confidential information through inter-process communication methods, posing significant security risks to affected systems.

Affected Version(s)

eCNS280_TD V100R005C00

eCNS280_TD V100R005C10

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2021
Vulnerability Reserved
Jan 5, 2021