ID

VAR-202110-1449


CVE

CVE-2021-22470


TITLE

HarmonyOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-014253

DESCRIPTION

A component of the HarmonyOS has a Privileges Controls vulnerability. Local attackers may exploit this vulnerability to expand the Recording Trusted Domain. HarmonyOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-22470 // JVNDB: JVNDB-2021-014253 // VULHUB: VHN-380905

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:eqversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-014253 // NVD: CVE-2021-22470

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22470
value: HIGH

Trust: 1.0

NVD: CVE-2021-22470
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202110-2064
value: HIGH

Trust: 0.6

VULHUB: VHN-380905
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22470
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-380905
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22470
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-22470
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-380905 // JVNDB: JVNDB-2021-014253 // CNNVD: CNNVD-202110-2064 // NVD: CVE-2021-22470

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-269

Trust: 0.1

sources: VULHUB: VHN-380905 // JVNDB: JVNDB-2021-014253 // NVD: CVE-2021-22470

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-2064

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-2064

PATCH

title:security-bulletins-202107-0000001123874808url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808

Trust: 0.8

title:Huawei HarmonyOS Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171539

Trust: 0.6

sources: JVNDB: JVNDB-2021-014253 // CNNVD: CNNVD-202110-2064

EXTERNAL IDS

db:NVDid:CVE-2021-22470

Trust: 3.3

db:JVNDBid:JVNDB-2021-014253

Trust: 0.8

db:CNNVDid:CNNVD-202110-2064

Trust: 0.6

db:VULHUBid:VHN-380905

Trust: 0.1

sources: VULHUB: VHN-380905 // JVNDB: JVNDB-2021-014253 // CNNVD: CNNVD-202110-2064 // NVD: CVE-2021-22470

REFERENCES

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-22470

Trust: 0.8

sources: VULHUB: VHN-380905 // JVNDB: JVNDB-2021-014253 // CNNVD: CNNVD-202110-2064 // NVD: CVE-2021-22470

SOURCES

db:VULHUBid:VHN-380905
db:JVNDBid:JVNDB-2021-014253
db:CNNVDid:CNNVD-202110-2064
db:NVDid:CVE-2021-22470

LAST UPDATE DATE

2024-08-14T14:55:46.541000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-380905date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-014253date:2022-10-11T07:46:00
db:CNNVDid:CNNVD-202110-2064date:2022-07-14T00:00:00
db:NVDid:CVE-2021-22470date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-380905date:2021-10-28T00:00:00
db:JVNDBid:JVNDB-2021-014253date:2022-10-11T00:00:00
db:CNNVDid:CNNVD-202110-2064date:2021-10-28T00:00:00
db:NVDid:CVE-2021-22470date:2021-10-28T13:15:09.663