CVE-2021-22300

4.1MEDIUM

Key Information:

Vendor: Huawei
Status: Ecns280 Td
Vendor: CVE Published:; 6 February 2021

Summary

There is an information leak vulnerability in eCNS280_TD versions V100R005C00 and V100R005C10. A command does not have timeout exit mechanism. Temporary file contains sensitive information. This allows attackers to obtain information by inter-process access that requires other methods.

Affected Version(s)

eCNS280_TD V100R005C00

eCNS280_TD V100R005C10

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_CONFIRM

CVSS V3.1

Score:

4.1

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 6, 2021
Vulnerability Reserved
Jan 5, 2021