Details of VAR-202110-1486

ID

VAR-202110-1486

CVE

CVE-2021-36990

TITLE

Huawei Improper Default Permission Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014269

DESCRIPTION

There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. Huawei Smartphones are vulnerable to improper default permissions.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36990 // JVNDB: JVNDB-2021-014269 // VULHUB: VHN-398823

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014269 // NVD: CVE-2021-36990

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36990
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-36990
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202110-2088
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-398823
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-36990
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398823
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36990
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36990
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398823 // JVNDB: JVNDB-2021-014269 // CNNVD: CNNVD-202110-2088 // NVD: CVE-2021-36990

PROBLEMTYPE DATA

problemtype:	CWE-276	Trust: 1.1
problemtype:	Inappropriate default permissions (CWE-276) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398823 // JVNDB: JVNDB-2021-014269 // NVD: CVE-2021-36990

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2088

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-2088

PATCH

title:	CVE-2021-36990	url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 0.8
title:	Huawei HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171616	Trust: 0.6

sources: JVNDB: JVNDB-2021-014269 // CNNVD: CNNVD-202110-2088

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36990	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014269	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2088	Trust: 0.6
db:	VULHUB	id:	VHN-398823	Trust: 0.1

sources: VULHUB: VHN-398823 // JVNDB: JVNDB-2021-014269 // CNNVD: CNNVD-202110-2088 // NVD: CVE-2021-36990

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36990	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965	Trust: 0.6

sources: VULHUB: VHN-398823 // JVNDB: JVNDB-2021-014269 // CNNVD: CNNVD-202110-2088 // NVD: CVE-2021-36990

SOURCES

db:	VULHUB	id:	VHN-398823
db:	JVNDB	id:	JVNDB-2021-014269
db:	CNNVD	id:	CNNVD-202110-2088
db:	NVD	id:	CVE-2021-36990

LAST UPDATE DATE

2024-08-14T14:31:32.285000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398823	date:	2021-11-01T00:00:00
db:	JVNDB	id:	JVNDB-2021-014269	date:	2022-10-11T09:03:00
db:	CNNVD	id:	CNNVD-202110-2088	date:	2021-11-29T00:00:00
db:	NVD	id:	CVE-2021-36990	date:	2021-11-01T23:13:58.830

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398823	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014269	date:	2022-10-11T00:00:00
db:	CNNVD	id:	CNNVD-202110-2088	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-36990	date:	2021-10-28T13:15:10.573