Details of VAR-202110-1850

ID

VAR-202110-1850

CVE

CVE-2021-39981

TITLE

HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017585

DESCRIPTION

Chang Lian application has a vulnerability which can be maliciously exploited to hide the calling number.Successful exploitation of this vulnerability allows you to make an anonymous call. HarmonyOS Exists in unspecified vulnerabilities.Information may be tampered with. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. Huawei HarmonyOS has security vulnerabilities

Trust: 1.8

sources: NVD: CVE-2021-39981 // JVNDB: JVNDB-2021-017585 // VULHUB: VHN-401382 // VULMON: CVE-2021-39981

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017585 // NVD: CVE-2021-39981

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-39981
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-39981
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202110-2231
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-401382
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-39981
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-401382
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-39981
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-39981
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-401382 // JVNDB: JVNDB-2021-017585 // CNNVD: CNNVD-202110-2231 // NVD: CVE-2021-39981

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-017585 // NVD: CVE-2021-39981

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2231

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202110-2231

PATCH

title:	security-bulletins-202110-0000001162998526	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202110-0000001162998526	Trust: 0.8
title:	Huawei HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176779	Trust: 0.6

sources: JVNDB: JVNDB-2021-017585 // CNNVD: CNNVD-202110-2231

EXTERNAL IDS

db:	NVD	id:	CVE-2021-39981	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-017585	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2231	Trust: 0.6
db:	CNVD	id:	CNVD-2022-08456	Trust: 0.1
db:	VULHUB	id:	VHN-401382	Trust: 0.1
db:	VULMON	id:	CVE-2021-39981	Trust: 0.1

sources: VULHUB: VHN-401382 // VULMON: CVE-2021-39981 // JVNDB: JVNDB-2021-017585 // CNNVD: CNNVD-202110-2231 // NVD: CVE-2021-39981

REFERENCES

url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202110-0000001162998526	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39981	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-visions-202110-0000001162597918	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-401382 // VULMON: CVE-2021-39981 // JVNDB: JVNDB-2021-017585 // CNNVD: CNNVD-202110-2231 // NVD: CVE-2021-39981

SOURCES

db:	VULHUB	id:	VHN-401382
db:	VULMON	id:	CVE-2021-39981
db:	JVNDB	id:	JVNDB-2021-017585
db:	CNNVD	id:	CNNVD-202110-2231
db:	NVD	id:	CVE-2021-39981

LAST UPDATE DATE

2024-08-14T15:33:02.018000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-401382	date:	2022-01-13T00:00:00
db:	VULMON	id:	CVE-2021-39981	date:	2022-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-017585	date:	2023-01-27T03:16:00
db:	CNNVD	id:	CNNVD-202110-2231	date:	2022-01-14T00:00:00
db:	NVD	id:	CVE-2021-39981	date:	2022-01-13T19:21:58.607

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-401382	date:	2022-01-03T00:00:00
db:	VULMON	id:	CVE-2021-39981	date:	2022-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-017585	date:	2023-01-27T00:00:00
db:	CNNVD	id:	CNNVD-202110-2231	date:	2021-10-05T00:00:00
db:	NVD	id:	CVE-2021-39981	date:	2022-01-03T22:15:10.627