Information disclosure in Huawei products - CVE-2021-22310
Published: February 3, 2021
Vulnerability identifier: #VU50285
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-22310
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Huawei
Affected software:
Huawei NIP6300
Huawei NIP6600
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
USG9500
Huawei NIP6300
Huawei NIP6600
Huawei Secospace USG6300
Huawei Secospace USG6500
Huawei Secospace USG6600
USG9500
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application. A local administrator can gain unauthorized access to sensitive information on the system.
How to mitigate CVE-2021-22310
Install updates from vendor's website.