PT-2021-14938 · Huawei · Ecns280 Td+1
Published
2021-01-27
·
Updated
2021-02-10
·
CVE-2021-22300
CVSS v3.1
4.1
Medium
| Vector | AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
eCNS280 TD versions V100R005C00 and V100R005C10
Description:
The issue is related to an information leak. A command lacks a timeout exit mechanism, and temporary files contain sensitive information. This allows attackers to obtain information through inter-process access that would otherwise require different methods.
Recommendations:
For eCNS280 TD versions V100R005C00 and V100R005C10, consider implementing a timeout exit mechanism for the command and ensure that temporary files do not contain sensitive information. As a temporary workaround, restrict access to temporary files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Cleartext Storage of Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Huawei Vrp
Ecns280 Td