Details of VAR-202107-0362

ID

VAR-202107-0362

CVE

CVE-2021-22399

TITLE

plural Huawei Vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-009234

DESCRIPTION

The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11). plural Huawei There are unspecified vulnerabilities in smartphones.Denial of service (DoS) It may be put into a state. Huawei P30 is a smart phone of China's Huawei (Huawei) company. There is an input verification error vulnerability in Huawei P30. The vulnerability stems from a vulnerability in the Bluetooth module of the product when processing broadcast data. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.79

sources: NVD: CVE-2021-22399 // JVNDB: JVNDB-2021-009234 // CNVD: CNVD-2021-51440 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-22399

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-51440

AFFECTED PRODUCTS

vendor:	huawei	model:	p30	scope:	-	version:	-	Trust: 1.4
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.201\(c10e7r5p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.195\(c432e22r2p5\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.209\(c636e6r3p4\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.201\(c185e4r7p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	lt	version:	10.1.0.165\(c01e165r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.206\(c605e19r1p3\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.200\(c461e6r3p1\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.210\(c635e3r2p4\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	10.0.0.200\(c00e85r2p11\)	Trust: 1.0
vendor:	huawei	model:	p30	scope:	eq	version:	p30 firmware	Trust: 0.8
vendor:	huawei	model:	p30	scope:	eq	version:	-	Trust: 0.8

sources: CNVD: CNVD-2021-51440 // JVNDB: JVNDB-2021-009234 // NVD: CVE-2021-22399

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22399
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-22399
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2021-51440
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202107-359
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22399
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-22399
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2021-51440
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:N/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22399
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22399
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2021-51440 // VULMON: CVE-2021-22399 // JVNDB: JVNDB-2021-009234 // CNNVD: CNNVD-202107-359 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22399

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD Evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-009234 // NVD: CVE-2021-22399

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-359

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202107-359

PATCH

title:	huawei-sa-20210707-03-dos	url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en	Trust: 0.8
title:	Patch for Huawei P30 input verification error vulnerability (CNVD-2021-51440)	url:	https://www.cnvd.org.cn/patchInfo/show/279316	Trust: 0.6
title:	Huawei P30 Enter the fix for the verification error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=156195	Trust: 0.6

sources: CNVD: CNVD-2021-51440 // JVNDB: JVNDB-2021-009234 // CNNVD: CNNVD-202107-359

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22399	Trust: 3.9
db:	JVNDB	id:	JVNDB-2021-009234	Trust: 0.8
db:	CNVD	id:	CNVD-2021-51440	Trust: 0.6
db:	CS-HELP	id:	SB2021070716	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-359	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	VULMON	id:	CVE-2021-22399	Trust: 0.1

sources: CNVD: CNVD-2021-51440 // VULMON: CVE-2021-22399 // JVNDB: JVNDB-2021-009234 // CNNVD: CNNVD-202107-359 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22399

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22399	Trust: 1.4
url:	https://www.cybersecurity-help.cz/vdb/sb2021070716	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210707-03-dos-cn	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-51440 // VULMON: CVE-2021-22399 // JVNDB: JVNDB-2021-009234 // CNNVD: CNNVD-202107-359 // CNNVD: CNNVD-202104-975 // NVD: CVE-2021-22399

CREDITS

The vulnerability was discovered by an external security researcher

Trust: 0.6

sources: CNNVD: CNNVD-202107-359

SOURCES

db:	CNVD	id:	CNVD-2021-51440
db:	VULMON	id:	CVE-2021-22399
db:	JVNDB	id:	JVNDB-2021-009234
db:	CNNVD	id:	CNNVD-202107-359
db:	CNNVD	id:	CNNVD-202104-975
db:	NVD	id:	CVE-2021-22399

LAST UPDATE DATE

2024-08-14T12:22:03.352000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-51440	date:	2021-07-16T00:00:00
db:	VULMON	id:	CVE-2021-22399	date:	2021-07-15T00:00:00
db:	JVNDB	id:	JVNDB-2021-009234	date:	2022-04-18T07:03:00
db:	CNNVD	id:	CNNVD-202107-359	date:	2021-07-16T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	NVD	id:	CVE-2021-22399	date:	2021-07-15T22:27:15.447

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-51440	date:	2021-07-16T00:00:00
db:	VULMON	id:	CVE-2021-22399	date:	2021-07-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-009234	date:	2022-04-18T00:00:00
db:	CNNVD	id:	CNNVD-202107-359	date:	2021-07-07T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	NVD	id:	CVE-2021-22399	date:	2021-07-13T12:15:09.820