Details of VAR-202106-0609

ID

VAR-202106-0609

CVE

CVE-2021-22346

TITLE

Huawei smartphone security breach

Trust: 0.6

sources: CNNVD: CNNVD-202106-2006

DESCRIPTION

There is an Improper Permission Management Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may lead to the disclosure of user habits. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. There are security vulnerabilities in several Huawei SmartPhone, which stems from the lack of effective permissions and access control measures in the products. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Trust: 1.08

sources: NVD: CVE-2021-22346 // VULHUB: VHN-380781 // VULMON: CVE-2021-22346

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0

sources: NVD: CVE-2021-22346

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22346
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-202106-2006
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-380781
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-22346
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22346
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
VULHUB:	VHN-380781
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22346
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-380781 // VULMON: CVE-2021-22346 // CNNVD: CNNVD-202106-2006 // NVD: CVE-2021-22346

PROBLEMTYPE DATA

problemtype:

CWE-276

Trust: 1.1

sources: VULHUB: VHN-380781 // NVD: CVE-2021-22346

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-2006

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-2006

PATCH

title:

Repair measures for security vulnerabilities in Huawei smartphones

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156084

Trust: 0.6

sources: CNNVD: CNNVD-202106-2006

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22346	Trust: 1.8
db:	CNNVD	id:	CNNVD-202106-2006	Trust: 0.7
db:	VULHUB	id:	VHN-380781	Trust: 0.1
db:	VULMON	id:	CVE-2021-22346	Trust: 0.1

sources: VULHUB: VHN-380781 // VULMON: CVE-2021-22346 // CNNVD: CNNVD-202106-2006 // NVD: CVE-2021-22346

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/5/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22346	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/276.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380781 // VULMON: CVE-2021-22346 // CNNVD: CNNVD-202106-2006 // NVD: CVE-2021-22346

SOURCES

db:	VULHUB	id:	VHN-380781
db:	VULMON	id:	CVE-2021-22346
db:	CNNVD	id:	CNNVD-202106-2006
db:	NVD	id:	CVE-2021-22346

LAST UPDATE DATE

2024-08-14T14:44:24.475000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380781	date:	2021-07-06T00:00:00
db:	VULMON	id:	CVE-2021-22346	date:	2021-07-06T00:00:00
db:	CNNVD	id:	CNNVD-202106-2006	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-22346	date:	2021-07-06T18:09:38.953

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380781	date:	2021-06-30T00:00:00
db:	VULMON	id:	CVE-2021-22346	date:	2021-06-30T00:00:00
db:	CNNVD	id:	CNNVD-202106-2006	date:	2021-06-30T00:00:00
db:	NVD	id:	CVE-2021-22346	date:	2021-06-30T21:15:09.717