Details of VAR-202108-2205

ID

VAR-202108-2205

CVE

CVE-2021-22389

TITLE

Huawei Fraud related to unauthorized authentication on smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-010875

DESCRIPTION

There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause certain codes to be executed. Huawei Smartphones contain vulnerabilities related to fraudulent authentication.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-22389 // JVNDB: JVNDB-2021-010875 // VULHUB: VHN-380824 // VULMON: CVE-2021-22389

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-010875 // NVD: CVE-2021-22389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22389
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-22389
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202108-106
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-380824
value:	HIGH
Trust: 0.1
VULMON:	CVE-2021-22389
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-22389
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380824
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22389
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22389
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380824 // VULMON: CVE-2021-22389 // JVNDB: JVNDB-2021-010875 // CNNVD: CNNVD-202108-106 // NVD: CVE-2021-22389

PROBLEMTYPE DATA

problemtype:	CWE-863	Trust: 1.1
problemtype:	Illegal authentication (CWE-863) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-380824 // JVNDB: JVNDB-2021-010875 // NVD: CVE-2021-22389

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-106

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-106

PATCH

title:	CVE-2021-22389	url:	https://consumer.huawei.com/en/support/bulletin/2021/6/	Trust: 0.8
title:	Huawei Smartphone Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159051	Trust: 0.6

sources: JVNDB: JVNDB-2021-010875 // CNNVD: CNNVD-202108-106

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22389	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-010875	Trust: 0.8
db:	CNNVD	id:	CNNVD-202108-106	Trust: 0.6
db:	VULHUB	id:	VHN-380824	Trust: 0.1
db:	VULMON	id:	CVE-2021-22389	Trust: 0.1

sources: VULHUB: VHN-380824 // VULMON: CVE-2021-22389 // JVNDB: JVNDB-2021-010875 // CNNVD: CNNVD-202108-106 // NVD: CVE-2021-22389

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/6/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22389	Trust: 0.8
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380824 // VULMON: CVE-2021-22389 // JVNDB: JVNDB-2021-010875 // CNNVD: CNNVD-202108-106 // NVD: CVE-2021-22389

SOURCES

db:	VULHUB	id:	VHN-380824
db:	VULMON	id:	CVE-2021-22389
db:	JVNDB	id:	JVNDB-2021-010875
db:	CNNVD	id:	CNNVD-202108-106
db:	NVD	id:	CVE-2021-22389

LAST UPDATE DATE

2024-08-14T14:18:22.850000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380824	date:	2021-12-09T00:00:00
db:	VULMON	id:	CVE-2021-22389	date:	2021-08-06T00:00:00
db:	JVNDB	id:	JVNDB-2021-010875	date:	2022-07-11T05:34:00
db:	CNNVD	id:	CNNVD-202108-106	date:	2021-08-09T00:00:00
db:	NVD	id:	CVE-2021-22389	date:	2021-12-09T17:55:10.153

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380824	date:	2021-08-02T00:00:00
db:	VULMON	id:	CVE-2021-22389	date:	2021-08-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-010875	date:	2022-07-11T00:00:00
db:	CNNVD	id:	CNNVD-202108-106	date:	2021-08-02T00:00:00
db:	NVD	id:	CVE-2021-22389	date:	2021-08-02T17:15:13.883