Sign-up

ID

VAR-202110-1493


CVE

CVE-2021-22488


TITLE

Huawei  Link Interpretation Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-014312

DESCRIPTION

There is an Unauthorized file access vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability by modifying soft links may tamper with the files restored from backups. Huawei Smartphones contain a link interpretation vulnerability.Information may be tampered with. Huawei Smartphone is a smartphone of China's Huawei (Huawei) company. There is an authorization issue vulnerability in many Huawei devices

Trust: 2.25

sources: NVD: CVE-2021-22488 // JVNDB: JVNDB-2021-014312 // CNVD: CNVD-2021-84243 // VULHUB: VHN-380923

IOT TAXONOMY

category:['IoT']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-84243

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.6

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.6

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.6

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.6

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

sources: CNVD: CNVD-2021-84243 // JVNDB: JVNDB-2021-014312 // NVD: CVE-2021-22488

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-22488
value: HIGH

Trust: 1.0

NVD: CVE-2021-22488
value: HIGH

Trust: 0.8

CNVD: CNVD-2021-84243
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202110-2079
value: HIGH

Trust: 0.6

VULHUB: VHN-380923
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-22488
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2021-84243
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-380923
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-22488
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-22488
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: CNVD: CNVD-2021-84243 // VULHUB: VHN-380923 // JVNDB: JVNDB-2021-014312 // CNNVD: CNNVD-202110-2079 // NVD: CVE-2021-22488

PROBLEMTYPE DATA

problemtype:CWE-59

Trust: 1.1

problemtype:Link interpretation problem (CWE-59) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-668

Trust: 0.1

sources: VULHUB: VHN-380923 // JVNDB: JVNDB-2021-014312 // NVD: CVE-2021-22488

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2079

TYPE

post link

Trust: 0.6

sources: CNNVD: CNNVD-202110-2079

PATCH

title:CVE-2021-22488url:https://consumer.huawei.com/en/support/bulletin/2021/7/

Trust: 0.8

title:Patch for Huawei Smartphone Authorization Issue Vulnerability (CNVD-2021-84243)url:https://www.cnvd.org.cn/patchInfo/show/296886

Trust: 0.6

title:Huawei Smartphone Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168218

Trust: 0.6

sources: CNVD: CNVD-2021-84243 // JVNDB: JVNDB-2021-014312 // CNNVD: CNNVD-202110-2079

EXTERNAL IDS

db:NVDid:CVE-2021-22488

Trust: 3.9

db:JVNDBid:JVNDB-2021-014312

Trust: 0.8

db:CNVDid:CNVD-2021-84243

Trust: 0.6

db:CNNVDid:CNNVD-202110-2079

Trust: 0.6

db:VULHUBid:VHN-380923

Trust: 0.1

sources: CNVD: CNVD-2021-84243 // VULHUB: VHN-380923 // JVNDB: JVNDB-2021-014312 // CNNVD: CNNVD-202110-2079 // NVD: CVE-2021-22488

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/7/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-22488

Trust: 1.4

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2021-22488

Trust: 0.6

sources: CNVD: CNVD-2021-84243 // VULHUB: VHN-380923 // JVNDB: JVNDB-2021-014312 // CNNVD: CNNVD-202110-2079 // NVD: CVE-2021-22488

SOURCES

db:CNVDid:CNVD-2021-84243
db:VULHUBid:VHN-380923
db:JVNDBid:JVNDB-2021-014312
db:CNNVDid:CNNVD-202110-2079
db:NVDid:CVE-2021-22488

LAST UPDATE DATE

2024-08-14T15:37:52.087000+00:00


SOURCES UPDATE DATE

db:CNVDid:CNVD-2021-84243date:2021-11-05T00:00:00
db:VULHUBid:VHN-380923date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-014312date:2022-10-12T08:33:00
db:CNNVDid:CNNVD-202110-2079date:2022-07-14T00:00:00
db:NVDid:CVE-2021-22488date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:CNVDid:CNVD-2021-84243date:2021-11-05T00:00:00
db:VULHUBid:VHN-380923date:2021-10-28T00:00:00
db:JVNDBid:JVNDB-2021-014312date:2022-10-12T00:00:00
db:CNNVDid:CNNVD-202110-2079date:2021-10-28T00:00:00
db:NVDid:CVE-2021-22488date:2021-10-28T13:15:10.227