Details of VAR-202106-1925

ID

VAR-202106-1925

CVE

CVE-2021-22334

TITLE

Huawei Fraud related to unauthorized authentication on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-007571

DESCRIPTION

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may cause app redirections. Huawei Smartphones contain vulnerabilities related to fraudulent authentication.Information may be tampered with. A Huawei phone is a Huawei smartphone from the Chinese Huawei (Huawei) company. Certain Huawei phones contain an access control error vulnerability that could be exploited by an attacker to cause application redirection. The following products and versions are affected: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Trust: 1.8

sources: NVD: CVE-2021-22334 // JVNDB: JVNDB-2021-007571 // VULHUB: VHN-380769 // VULMON: CVE-2021-22334

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-007571 // NVD: CVE-2021-22334

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22334
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-22334
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202106-244
value:	HIGH
Trust: 0.6
VULHUB:	VHN-380769
value:	LOW
Trust: 0.1
VULMON:	CVE-2021-22334
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-22334
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380769
severity:	LOW
baseScore:	3.3
vectorString:	AV:A/AC:L/AU:N/C:N/I:P/A:N
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.5
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22334
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	4.0
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22334
baseSeverity:	HIGH
baseScore:	7.4
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380769 // VULMON: CVE-2021-22334 // JVNDB: JVNDB-2021-007571 // CNNVD: CNNVD-202106-244 // NVD: CVE-2021-22334

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	Bad authentication (CWE-863) [NVD Evaluation ]	Trust: 0.8
problemtype:	CWE-863	Trust: 0.1

sources: VULHUB: VHN-380769 // JVNDB: JVNDB-2021-007571 // NVD: CVE-2021-22334

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202106-244

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-244

PATCH

title:	Huawei EMUI/Magic UI security updates April 2021	url:	https://consumer.huawei.com/en/support/bulletin/2021/4/	Trust: 0.8
title:	Repair measures for vulnerabilities of Huawei mobile phone access control errors	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=153901	Trust: 0.6

sources: JVNDB: JVNDB-2021-007571 // CNNVD: CNNVD-202106-244

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22334	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-007571	Trust: 0.8
db:	CNNVD	id:	CNNVD-202106-244	Trust: 0.7
db:	VULHUB	id:	VHN-380769	Trust: 0.1
db:	VULMON	id:	CVE-2021-22334	Trust: 0.1

sources: VULHUB: VHN-380769 // VULMON: CVE-2021-22334 // JVNDB: JVNDB-2021-007571 // CNNVD: CNNVD-202106-244 // NVD: CVE-2021-22334

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/4/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22334	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380769 // VULMON: CVE-2021-22334 // JVNDB: JVNDB-2021-007571 // CNNVD: CNNVD-202106-244 // NVD: CVE-2021-22334

SOURCES

db:	VULHUB	id:	VHN-380769
db:	VULMON	id:	CVE-2021-22334
db:	JVNDB	id:	JVNDB-2021-007571
db:	CNNVD	id:	CNNVD-202106-244
db:	NVD	id:	CVE-2021-22334

LAST UPDATE DATE

2024-08-14T14:25:18.196000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380769	date:	2022-07-12T00:00:00
db:	VULMON	id:	CVE-2021-22334	date:	2021-06-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-007571	date:	2022-02-17T05:10:00
db:	CNNVD	id:	CNNVD-202106-244	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-22334	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380769	date:	2021-06-03T00:00:00
db:	VULMON	id:	CVE-2021-22334	date:	2021-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-007571	date:	2022-02-17T00:00:00
db:	CNNVD	id:	CNNVD-202106-244	date:	2021-06-03T00:00:00
db:	NVD	id:	CVE-2021-22334	date:	2021-06-03T20:15:08.470