Sign-up

ID

VAR-202108-2207


CVE

CVE-2021-22385


TITLE

plural  Huawei  Vulnerability in leaking resources to the wrong area in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2021-009783

DESCRIPTION

A component of the Huawei smartphone has a External Control of System or Configuration Setting vulnerability. Local attackers may exploit this vulnerability to cause Kernel Code Execution. plural Huawei Smartphone products contain vulnerabilities related to the leakage of resources to the wrong area.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state

Trust: 1.8

sources: NVD: CVE-2021-22385 // JVNDB: JVNDB-2021-009783 // VULHUB: VHN-380820 // VULMON: CVE-2021-22385

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.0

Trust: 1.0

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-009783 // NVD: CVE-2021-22385

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22385
value: HIGH

Trust: 1.0

NVD: CVE-2021-22385
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202108-975
value: HIGH

Trust: 0.6

VULHUB: VHN-380820
value: HIGH

Trust: 0.1

VULMON: CVE-2021-22385
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-22385
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-380820
severity: HIGH
baseScore: 7.2
vectorString: AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22385
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22385
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380820 // VULMON: CVE-2021-22385 // JVNDB: JVNDB-2021-009783 // CNNVD: CNNVD-202108-975 // NVD: CVE-2021-22385

PROBLEMTYPE DATA

problemtype:CWE-668

Trust: 1.1

problemtype:Leakage of resources to the wrong area (CWE-668) [NVD Evaluation ]

Trust: 0.8

problemtype:CWE-863

Trust: 0.1

sources: VULHUB: VHN-380820 // JVNDB: JVNDB-2021-009783 // NVD: CVE-2021-22385

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-975

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-975

PATCH

title:CVE-2021-22385url:https://consumer.huawei.com/en/support/bulletin/2021/6/

Trust: 0.8

title:Huawei smartphone Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=159368

Trust: 0.6

sources: JVNDB: JVNDB-2021-009783 // CNNVD: CNNVD-202108-975

EXTERNAL IDS

db:NVDid:CVE-2021-22385

Trust: 3.4

db:JVNDBid:JVNDB-2021-009783

Trust: 0.8

db:CNNVDid:CNNVD-202108-975

Trust: 0.6

db:VULHUBid:VHN-380820

Trust: 0.1

db:VULMONid:CVE-2021-22385

Trust: 0.1

sources: VULHUB: VHN-380820 // VULMON: CVE-2021-22385 // JVNDB: JVNDB-2021-009783 // CNNVD: CNNVD-202108-975 // NVD: CVE-2021-22385

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/6/

Trust: 1.8

url:https://device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077

Trust: 1.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-22385

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-phones-202106-0000001165452077

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/863.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-380820 // VULMON: CVE-2021-22385 // JVNDB: JVNDB-2021-009783 // CNNVD: CNNVD-202108-975 // NVD: CVE-2021-22385

SOURCES

db:VULHUBid:VHN-380820
db:VULMONid:CVE-2021-22385
db:JVNDBid:JVNDB-2021-009783
db:CNNVDid:CNNVD-202108-975
db:NVDid:CVE-2021-22385

LAST UPDATE DATE

2024-08-14T14:44:20.995000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380820date:2022-05-03T00:00:00
db:VULMONid:CVE-2021-22385date:2021-08-17T00:00:00
db:JVNDBid:JVNDB-2021-009783date:2022-05-23T08:41:00
db:CNNVDid:CNNVD-202108-975date:2022-05-06T00:00:00
db:NVDid:CVE-2021-22385date:2022-05-03T16:04:40.443

SOURCES RELEASE DATE

db:VULHUBid:VHN-380820date:2021-08-10T00:00:00
db:VULMONid:CVE-2021-22385date:2021-08-10T00:00:00
db:JVNDBid:JVNDB-2021-009783date:2022-05-23T00:00:00
db:CNNVDid:CNNVD-202108-975date:2021-08-10T00:00:00
db:NVDid:CVE-2021-22385date:2021-08-10T14:15:07.173