Details of VAR-202106-1918

ID

VAR-202106-1918

CVE

CVE-2021-22324

TITLE

Huawei Vulnerability in insufficient protection of authentication information on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-007567

DESCRIPTION

There is a Credentials Management Errors vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may impair data confidentiality. Huawei Smartphones are vulnerable to inadequate protection of credentials.Information may be obtained. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Huawei smartphones have an authorization issue vulnerability, which stems from the lack of authentication measures or insufficient authentication strength in the product

Trust: 1.71

sources: NVD: CVE-2021-22324 // JVNDB: JVNDB-2021-007567 // VULHUB: VHN-380759

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007567 // NVD: CVE-2021-22324

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22324
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22324
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202106-235
value:	HIGH
Trust: 0.6
VULHUB:	VHN-380759
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22324
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-380759
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22324
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22324
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380759 // JVNDB: JVNDB-2021-007567 // CNNVD: CNNVD-202106-235 // NVD: CVE-2021-22324

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Inadequate protection of credentials (CWE-522) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-522	Trust: 0.1

sources: VULHUB: VHN-380759 // JVNDB: JVNDB-2021-007567 // NVD: CVE-2021-22324

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202106-235

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202106-235

PATCH

title:	Huawei EMUI/Magic UI security updates March 2021	url:	https://consumer.huawei.com/en/support/bulletin/2021/3/	Trust: 0.8
title:	Repair measures for Huawei smartphone authorization bugs	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153897	Trust: 0.6

sources: JVNDB: JVNDB-2021-007567 // CNNVD: CNNVD-202106-235

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22324	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-007567	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-235	Trust: 0.7
db:	VULHUB	id:	VHN-380759	Trust: 0.1

sources: VULHUB: VHN-380759 // JVNDB: JVNDB-2021-007567 // CNNVD: CNNVD-202106-235 // NVD: CVE-2021-22324

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/3/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22324	Trust: 0.8

sources: VULHUB: VHN-380759 // JVNDB: JVNDB-2021-007567 // CNNVD: CNNVD-202106-235 // NVD: CVE-2021-22324

SOURCES

db:	VULHUB	id:	VHN-380759
db:	JVNDB	id:	JVNDB-2021-007567
db:	CNNVD	id:	CNNVD-202106-235
db:	NVD	id:	CVE-2021-22324

LAST UPDATE DATE

2024-08-14T15:01:26.829000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380759	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-007567	date:	2022-02-17T05:10:00
db:	CNNVD	id:	CNNVD-202106-235	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-22324	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380759	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007567	date:	2022-02-17T00:00:00
db:	CNNVD	id:	CNNVD-202106-235	date:	2021-06-03T00:00:00
db:	NVD	id:	CVE-2021-22324	date:	2021-06-03T17:15:07.423