CVE-2021-37036

CWE-532 — Log File Information Exposure CWE-200 — Information Exposure3 documents3 sources

Severity

5.5MEDIUM

EPSS

0.0%

top 92.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Ecns280 TD Firmware Huawei Fusioncompute

Timeline

PublishedNov 23

Latest updateNov 24

Description

There is an information leakage vulnerability in FusionCompute 6.5.1, eCNS280_TD V100R005C00 and V100R005C10. Due to the improperly storage of specific information in the log file, the attacker can obtain the information when a user logs in to the device. Successful exploit may cause the information leak.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/fusioncompute6.5.1

▶NVDhuawei/ecns280_td_firmwarev100r005c00, v100r005c10+1

🔴Vulnerability Details

GHSA

GHSA-vx48-mxh7-h8m4: There is an information leakage vulnerability in FusionCompute 6↗2021-11-24

▶

CVEList

CVE-2021-37036: There is an information leakage vulnerability in FusionCompute 6↗2021-11-23

▶