Details of VAR-202110-1489

ID

VAR-202110-1489

CVE

CVE-2021-36986

TITLE

Huawei Vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014308

DESCRIPTION

There is a vulnerability of tampering with the kernel in Huawei Smartphone.Successful exploitation of this vulnerability may escalate permissions. Huawei Smartphones have unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-36986 // JVNDB: JVNDB-2021-014308 // VULHUB: VHN-398818

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-014308 // NVD: CVE-2021-36986

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-36986
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-36986
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202110-2083
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-398818
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-36986
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398818
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-36986
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-36986
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398818 // JVNDB: JVNDB-2021-014308 // CNNVD: CNNVD-202110-2083 // NVD: CVE-2021-36986

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8
problemtype:	CWE-269	Trust: 0.1

sources: VULHUB: VHN-398818 // JVNDB: JVNDB-2021-014308 // NVD: CVE-2021-36986

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2083

TYPE

access control error

Trust: 0.6

sources: CNNVD: CNNVD-202110-2083

PATCH

title:	CVE-2021-36986	url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 0.8
title:	Huawei HarmonyOS Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=171589	Trust: 0.6

sources: JVNDB: JVNDB-2021-014308 // CNNVD: CNNVD-202110-2083

EXTERNAL IDS

db:	NVD	id:	CVE-2021-36986	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-014308	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2083	Trust: 0.6
db:	VULHUB	id:	VHN-398818	Trust: 0.1

sources: VULHUB: VHN-398818 // JVNDB: JVNDB-2021-014308 // CNNVD: CNNVD-202110-2083 // NVD: CVE-2021-36986

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/7/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36986	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965	Trust: 0.6

sources: VULHUB: VHN-398818 // JVNDB: JVNDB-2021-014308 // CNNVD: CNNVD-202110-2083 // NVD: CVE-2021-36986

SOURCES

db:	VULHUB	id:	VHN-398818
db:	JVNDB	id:	JVNDB-2021-014308
db:	CNNVD	id:	CNNVD-202110-2083
db:	NVD	id:	CVE-2021-36986

LAST UPDATE DATE

2024-08-14T13:43:16.816000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398818	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-014308	date:	2022-10-12T08:23:00
db:	CNNVD	id:	CNNVD-202110-2083	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-36986	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398818	date:	2021-10-28T00:00:00
db:	JVNDB	id:	JVNDB-2021-014308	date:	2022-10-12T00:00:00
db:	CNNVD	id:	CNNVD-202110-2083	date:	2021-10-28T00:00:00
db:	NVD	id:	CVE-2021-36986	date:	2021-10-28T13:15:10.400