Sign-up

ID

VAR-202106-0592


CVE

CVE-2021-22368


TITLE

Huawei smartphone security breach

Trust: 0.6

sources: CNNVD: CNNVD-202106-2003

DESCRIPTION

There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may affect normal use of the device. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. There are security vulnerabilities in several Huawei SmartPhone, which stems from the lack of effective permissions and access control measures in the products. The following products and versions are affected: EMUI 10.1.1, Magic UI 3.1.1

Trust: 1.08

sources: NVD: CVE-2021-22368 // VULHUB: VHN-380803 // VULMON: CVE-2021-22368

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

sources: NVD: CVE-2021-22368

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22368
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202106-2003
value: HIGH

Trust: 0.6

VULHUB: VHN-380803
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-22368
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22368
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-380803
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22368
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

sources: VULHUB: VHN-380803 // VULMON: CVE-2021-22368 // CNNVD: CNNVD-202106-2003 // NVD: CVE-2021-22368

PROBLEMTYPE DATA

problemtype:CWE-276

Trust: 1.1

sources: VULHUB: VHN-380803 // NVD: CVE-2021-22368

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-2003

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-2003

PATCH

title:Repair measures for security vulnerabilities in Huawei smartphonesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156082

Trust: 0.6

title:CVE-2021-22368url:https://github.com/AlAIAL90/CVE-2021-22368

Trust: 0.1

sources: VULMON: CVE-2021-22368 // CNNVD: CNNVD-202106-2003

EXTERNAL IDS

db:NVDid:CVE-2021-22368

Trust: 1.8

db:CNNVDid:CNNVD-202106-2003

Trust: 0.7

db:VULHUBid:VHN-380803

Trust: 0.1

db:VULMONid:CVE-2021-22368

Trust: 0.1

sources: VULHUB: VHN-380803 // VULMON: CVE-2021-22368 // CNNVD: CNNVD-202106-2003 // NVD: CVE-2021-22368

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/5/

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-22368

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/276.html

Trust: 0.1

url:https://github.com/alaial90/cve-2021-22368

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380803 // VULMON: CVE-2021-22368 // CNNVD: CNNVD-202106-2003 // NVD: CVE-2021-22368

SOURCES

db:VULHUBid:VHN-380803
db:VULMONid:CVE-2021-22368
db:CNNVDid:CNNVD-202106-2003
db:NVDid:CVE-2021-22368

LAST UPDATE DATE

2024-08-14T14:50:14.957000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380803date:2021-07-06T00:00:00
db:VULMONid:CVE-2021-22368date:2021-07-06T00:00:00
db:CNNVDid:CNNVD-202106-2003date:2021-08-24T00:00:00
db:NVDid:CVE-2021-22368date:2021-07-06T18:02:52.083

SOURCES RELEASE DATE

db:VULHUBid:VHN-380803date:2021-06-30T00:00:00
db:VULMONid:CVE-2021-22368date:2021-06-30T00:00:00
db:CNNVDid:CNNVD-202106-2003date:2021-06-30T00:00:00
db:NVDid:CVE-2021-22368date:2021-06-30T18:15:08.540