Details of VAR-202111-0851

ID

VAR-202111-0851

CVE

CVE-2021-37009

TITLE

Huawei Vulnerabilities in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-015590

DESCRIPTION

There is a Configuration vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability will cause the confidentiality of users is affected. Huawei Smartphones have unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system

Trust: 1.71

sources: NVD: CVE-2021-37009 // JVNDB: JVNDB-2021-015590 // VULHUB: VHN-398840

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015590 // NVD: CVE-2021-37009

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37009
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-37009
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202111-1879
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398840
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37009
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398840
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37009
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37009
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398840 // JVNDB: JVNDB-2021-015590 // CNNVD: CNNVD-202111-1879 // NVD: CVE-2021-37009

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015590 // NVD: CVE-2021-37009

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202111-1879

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202111-1879

PATCH

title:	security-bulletins-202108-0000001180965965	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202108-0000001180965965	Trust: 0.8
title:	Huawei HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=172178	Trust: 0.6

sources: JVNDB: JVNDB-2021-015590 // CNNVD: CNNVD-202111-1879

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37009	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015590	Trust: 0.8
db:	CNNVD	id:	CNNVD-202111-1879	Trust: 0.6
db:	CNVD	id:	CNVD-2021-102858	Trust: 0.1
db:	VULHUB	id:	VHN-398840	Trust: 0.1

sources: VULHUB: VHN-398840 // JVNDB: JVNDB-2021-015590 // CNNVD: CNNVD-202111-1879 // NVD: CVE-2021-37009

REFERENCES

url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202108-0000001180965965	Trust: 2.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37009	Trust: 1.4

sources: VULHUB: VHN-398840 // JVNDB: JVNDB-2021-015590 // CNNVD: CNNVD-202111-1879 // NVD: CVE-2021-37009

SOURCES

db:	VULHUB	id:	VHN-398840
db:	JVNDB	id:	JVNDB-2021-015590
db:	CNNVD	id:	CNNVD-202111-1879
db:	NVD	id:	CVE-2021-37009

LAST UPDATE DATE

2024-08-14T15:42:42.364000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398840	date:	2021-11-29T00:00:00
db:	JVNDB	id:	JVNDB-2021-015590	date:	2022-11-24T09:15:00
db:	CNNVD	id:	CNNVD-202111-1879	date:	2021-12-01T00:00:00
db:	NVD	id:	CVE-2021-37009	date:	2021-11-29T15:51:02.507

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398840	date:	2021-11-23T00:00:00
db:	JVNDB	id:	JVNDB-2021-015590	date:	2022-11-24T00:00:00
db:	CNNVD	id:	CNNVD-202111-1879	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-37009	date:	2021-11-23T16:15:09.067