Details of VAR-202110-1416

ID

VAR-202110-1416

CVE

CVE-2021-22436

TITLE

Huawei Vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014461

DESCRIPTION

There is a Logic Bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service integrity and availability. Huawei Smartphones have unspecified vulnerabilities.Information is tampered with and service operation is interrupted (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-22436 // JVNDB: JVNDB-2021-014461 // VULHUB: VHN-380871 // VULMON: CVE-2021-22436

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014461 // NVD: CVE-2021-22436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22436
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-22436
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202110-2039
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-380871
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-22436
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-22436
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-380871
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-22436
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-22436
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-380871 // VULMON: CVE-2021-22436 // JVNDB: JVNDB-2021-014461 // CNNVD: CNNVD-202110-2039 // NVD: CVE-2021-22436

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014461 // NVD: CVE-2021-22436

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2039

TYPE

handling logic errors

Trust: 0.6

sources: CNNVD: CNNVD-202110-2039

PATCH

title:	HUAWEI EMUI/Magic UI security updates July 2021	url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 0.8
title:	Huawei HarmonyOS Repair measures to handle logic errors	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171449	Trust: 0.6

sources: JVNDB: JVNDB-2021-014461 // CNNVD: CNNVD-202110-2039

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22436	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-014461	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2039	Trust: 0.6
db:	VULHUB	id:	VHN-380871	Trust: 0.1
db:	VULMON	id:	CVE-2021-22436	Trust: 0.1

sources: VULHUB: VHN-380871 // VULMON: CVE-2021-22436 // JVNDB: JVNDB-2021-014461 // CNNVD: CNNVD-202110-2039 // NVD: CVE-2021-22436

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22436	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-wearables-202108-0000001135186780	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-380871 // VULMON: CVE-2021-22436 // JVNDB: JVNDB-2021-014461 // CNNVD: CNNVD-202110-2039 // NVD: CVE-2021-22436

SOURCES

db:	VULHUB	id:	VHN-380871
db:	VULMON	id:	CVE-2021-22436
db:	JVNDB	id:	JVNDB-2021-014461
db:	CNNVD	id:	CNNVD-202110-2039
db:	NVD	id:	CVE-2021-22436

LAST UPDATE DATE

2024-08-14T15:01:17.703000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-380871	date:	2021-11-02T00:00:00
db:	VULMON	id:	CVE-2021-22436	date:	2021-11-02T00:00:00
db:	JVNDB	id:	JVNDB-2021-014461	date:	2022-10-19T03:59:00
db:	CNNVD	id:	CNNVD-202110-2039	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-22436	date:	2021-11-02T14:31:18.487

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-380871	date:	2021-10-28T00:00:00
db:	VULMON	id:	CVE-2021-22436	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014461	date:	2022-10-19T00:00:00
db:	CNNVD	id:	CNNVD-202110-2039	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-22436	date:	2021-10-28T13:15:08.773