Details of VAR-202105-0487

ID

VAR-202105-0487

CVE

CVE-2021-22364

TITLE

HUAWEI Mate 30 and Mate 30 (5G) Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-007458

DESCRIPTION

There is a denial of service vulnerability in the versions 10.1.0.126(C00E125R5P3) of HUAWEI Mate 30 and 10.1.0.152(C00E136R7P2) of HUAWEI Mate 30 (5G) . A module does not verify certain parameters sufficiently and it leads to some exceptions. Successful exploit could cause a denial of service condition. Huawei Mate 30 is a smart phone of China's Huawei (Huawei) company. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.7

sources: NVD: CVE-2021-22364 // JVNDB: JVNDB-2021-007458 // CNVD: CNVD-2021-39047 // CNNVD: CNNVD-202104-975

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-39047

AFFECTED PRODUCTS

vendor:	huawei	model:	mate 30	scope:	-	version:	-	Trust: 1.6
vendor:	huawei	model:	mate 30 5g	scope:	eq	version:	10.1.0.152\(c00e136r7p2\)	Trust: 1.0
vendor:	huawei	model:	mate 30	scope:	eq	version:	10.1.0.126\(c00e125r5p3\)	Trust: 1.0
vendor:	huawei	model:	mate	scope:	eq	version:	30	Trust: 0.6

sources: CNVD: CNVD-2021-39047 // JVNDB: JVNDB-2021-007458 // NVD: CVE-2021-22364

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22364
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22364
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-39047
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202105-1293
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-22364
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2021-39047
severity:	MEDIUM
baseScore:	4.9
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22364
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22364
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-39047 // JVNDB: JVNDB-2021-007458 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1293 // NVD: CVE-2021-22364

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-007458 // NVD: CVE-2021-22364

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1293

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	huawei-sa-20210519-04-dos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-04-dos-en	Trust: 0.8
title:	Patch for Huawei Mate 30 input verification error vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/269481	Trust: 0.6
title:	Huawei Mate 30 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151494	Trust: 0.6

sources: CNVD: CNVD-2021-39047 // JVNDB: JVNDB-2021-007458 // CNNVD: CNNVD-202105-1293

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22364	Trust: 3.8
db:	JVNDB	id:	JVNDB-2021-007458	Trust: 0.8
db:	CNVD	id:	CNVD-2021-39047	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021052004	Trust: 0.6
db:	CNNVD	id:	CNNVD-202105-1293	Trust: 0.6

sources: CNVD: CNVD-2021-39047 // JVNDB: JVNDB-2021-007458 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1293 // NVD: CVE-2021-22364

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-04-dos-en	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22364	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210519-04-dos-cn	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021052004	Trust: 0.6

sources: CNVD: CNVD-2021-39047 // JVNDB: JVNDB-2021-007458 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1293 // NVD: CVE-2021-22364

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202105-1293

SOURCES

db:	CNVD	id:	CNVD-2021-39047
db:	JVNDB	id:	JVNDB-2021-007458
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202105-1293
db:	NVD	id:	CVE-2021-22364

LAST UPDATE DATE

2024-08-14T12:29:02.883000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-39047	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007458	date:	2022-02-14T07:26:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202105-1293	date:	2021-08-12T00:00:00
db:	NVD	id:	CVE-2021-22364	date:	2021-06-08T00:39:51.197

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-39047	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007458	date:	2022-02-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202105-1293	date:	2021-05-19T00:00:00
db:	NVD	id:	CVE-2021-22364	date:	2021-05-27T13:15:08.007