Details of VAR-202110-1862

ID

VAR-202110-1862

CVE

CVE-2021-37116

TITLE

HarmonyOS Input verification vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-017312

DESCRIPTION

PCManager has a Weaknesses Introduced During Design vulnerability .Successful exploitation of this vulnerability may cause that the PIN of the subscriber is changed. HarmonyOS There is an input validation vulnerability in.Information is obtained and service operation is interrupted (DoS) It may be in a state

Trust: 1.8

sources: NVD: CVE-2021-37116 // JVNDB: JVNDB-2021-017312 // VULHUB: VHN-398952 // VULMON: CVE-2021-37116

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-017312 // NVD: CVE-2021-37116

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37116
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-37116
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-202110-2219
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-398952
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37116
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398952
severity:	MEDIUM
baseScore:	6.4
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	4.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37116
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.2
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37116
baseSeverity:	CRITICAL
baseScore:	9.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398952 // JVNDB: JVNDB-2021-017312 // CNNVD: CNNVD-202110-2219 // NVD: CVE-2021-37116

PROBLEMTYPE DATA

problemtype:	CWE-20	Trust: 1.1
problemtype:	Inappropriate input confirmation (CWE-20) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398952 // JVNDB: JVNDB-2021-017312 // NVD: CVE-2021-37116

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202110-2219

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202110-2219

PATCH

title:	security-bulletins-202110-0000001162998526	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202110-0000001162998526	Trust: 0.8
title:	Huawei HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176767	Trust: 0.6

sources: JVNDB: JVNDB-2021-017312 // CNNVD: CNNVD-202110-2219

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37116	Trust: 3.4
db:	JVNDB	id:	JVNDB-2021-017312	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-2219	Trust: 0.6
db:	VULHUB	id:	VHN-398952	Trust: 0.1
db:	VULMON	id:	CVE-2021-37116	Trust: 0.1

sources: VULHUB: VHN-398952 // VULMON: CVE-2021-37116 // JVNDB: JVNDB-2021-017312 // CNNVD: CNNVD-202110-2219 // NVD: CVE-2021-37116

REFERENCES

url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202110-0000001162998526	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37116	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202110-0000001162998526	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-398952 // VULMON: CVE-2021-37116 // JVNDB: JVNDB-2021-017312 // CNNVD: CNNVD-202110-2219 // NVD: CVE-2021-37116

SOURCES

db:	VULHUB	id:	VHN-398952
db:	VULMON	id:	CVE-2021-37116
db:	JVNDB	id:	JVNDB-2021-017312
db:	CNNVD	id:	CNNVD-202110-2219
db:	NVD	id:	CVE-2021-37116

LAST UPDATE DATE

2024-08-14T14:44:14.640000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398952	date:	2022-01-11T00:00:00
db:	VULMON	id:	CVE-2021-37116	date:	2022-01-04T00:00:00
db:	JVNDB	id:	JVNDB-2021-017312	date:	2023-01-13T06:31:00
db:	CNNVD	id:	CNNVD-202110-2219	date:	2022-01-13T00:00:00
db:	NVD	id:	CVE-2021-37116	date:	2022-01-11T19:44:30.417

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398952	date:	2022-01-03T00:00:00
db:	VULMON	id:	CVE-2021-37116	date:	2022-01-03T00:00:00
db:	JVNDB	id:	JVNDB-2021-017312	date:	2023-01-13T00:00:00
db:	CNNVD	id:	CNNVD-202110-2219	date:	2021-10-05T00:00:00
db:	NVD	id:	CVE-2021-37116	date:	2022-01-03T22:15:09.287