Details of VAR-202110-1447

ID

VAR-202110-1447

CVE

CVE-2021-36989

TITLE

Huawei Improper Default Permission Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014305

DESCRIPTION

There is a Kernel crash vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. Huawei Smartphones are vulnerable to improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36989 // JVNDB: JVNDB-2021-014305 // VULHUB: VHN-398821

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014305 // NVD: CVE-2021-36989

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36989
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-36989
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202110-2087
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-398821
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-36989
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398821
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36989
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36989
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398821 // JVNDB: JVNDB-2021-014305 // CNNVD: CNNVD-202110-2087 // NVD: CVE-2021-36989

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398821 // JVNDB: JVNDB-2021-014305 // NVD: CVE-2021-36989

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2087

TYPE

code problem

Trust: 0.6

sources: CNNVD: CNNVD-202110-2087

PATCH

title:	CVE-2021-36989	url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 0.8
title:	Huawei HarmonyOS Fixes for code issue vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171608	Trust: 0.6

sources: JVNDB: JVNDB-2021-014305 // CNNVD: CNNVD-202110-2087

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36989	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014305	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2087	Trust: 0.6
db:	VULHUB	id:	VHN-398821	Trust: 0.1

sources: VULHUB: VHN-398821 // JVNDB: JVNDB-2021-014305 // CNNVD: CNNVD-202110-2087 // NVD: CVE-2021-36989

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36989	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965	Trust: 0.6

sources: VULHUB: VHN-398821 // JVNDB: JVNDB-2021-014305 // CNNVD: CNNVD-202110-2087 // NVD: CVE-2021-36989

SOURCES

db:	VULHUB	id:	VHN-398821
db:	JVNDB	id:	JVNDB-2021-014305
db:	CNNVD	id:	CNNVD-202110-2087
db:	NVD	id:	CVE-2021-36989

LAST UPDATE DATE

2024-08-14T13:43:16.866000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398821	date:	2021-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-014305	date:	2022-10-12T08:18:00
db:	CNNVD	id:	CNNVD-202110-2087	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-36989	date:	2021-11-01T18:06:44.317

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398821	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014305	date:	2022-10-12T00:00:00
db:	CNNVD	id:	CNNVD-202110-2087	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-36989	date:	2021-10-28T13:15:10.530