PT-2021-21466 · Huawei · Ecns280 Td+2

Published

2021-08-18

Updated

2021-11-24

CVE-2021-37036

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions FusionCompute version 6.5.1 eCNS280 TD versions V100R005C00 through V100R005C10

Description The issue is related to improper storage of specific information in log files. When a user logs in to the device, an attacker can obtain this information, potentially leading to information leakage. This occurs due to a flaw in how certain data is handled during the login process.

Recommendations For FusionCompute version 6.5.1, update the logging mechanism to properly secure sensitive information. For eCNS280 TD versions V100R005C00 through V100R005C10, modify the log file storage to prevent unauthorized access to sensitive data.

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

CVE-2021-37036

Affected Products

Fusioncompute

Huawei Vrp

Ecns280 Td

PT-2021-21466 · Huawei · Ecns280 Td+2

CVE-2021-37036

Weakness Enumeration

Related Identifiers

Affected Products

References · 3