Details of VAR-202110-1481

ID

VAR-202110-1481

CVE

CVE-2021-36995

TITLE

Huawei Vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014263

DESCRIPTION

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. Huawei Smartphones have unspecified vulnerabilities.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2021-36995 // JVNDB: JVNDB-2021-014263 // VULHUB: VHN-398828

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014263 // NVD: CVE-2021-36995

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36995
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-36995
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-2094
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398828
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-36995
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398828
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36995
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36995
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398828 // JVNDB: JVNDB-2021-014263 // CNNVD: CNNVD-202110-2094 // NVD: CVE-2021-36995

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-014263 // NVD: CVE-2021-36995

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2094

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-2094

PATCH

title:	CVE-2021-36995	url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 0.8
title:	Huawei Smartphone Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168231	Trust: 0.6

sources: JVNDB: JVNDB-2021-014263 // CNNVD: CNNVD-202110-2094

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36995	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014263	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2094	Trust: 0.6
db:	VULHUB	id:	VHN-398828	Trust: 0.1

sources: VULHUB: VHN-398828 // JVNDB: JVNDB-2021-014263 // CNNVD: CNNVD-202110-2094 // NVD: CVE-2021-36995

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36995	Trust: 1.4

sources: VULHUB: VHN-398828 // JVNDB: JVNDB-2021-014263 // CNNVD: CNNVD-202110-2094 // NVD: CVE-2021-36995

SOURCES

db:	VULHUB	id:	VHN-398828
db:	JVNDB	id:	JVNDB-2021-014263
db:	CNNVD	id:	CNNVD-202110-2094
db:	NVD	id:	CVE-2021-36995

LAST UPDATE DATE

2024-08-14T14:37:50.983000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398828	date:	2021-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-014263	date:	2022-10-11T08:47:00
db:	CNNVD	id:	CNNVD-202110-2094	date:	2021-11-03T00:00:00
db:	NVD	id:	CVE-2021-36995	date:	2021-11-01T21:24:48.403

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398828	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014263	date:	2022-10-11T00:00:00
db:	CNNVD	id:	CNNVD-202110-2094	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-36995	date:	2021-10-28T13:15:10.787