ID

VAR-202112-0138


CVE

CVE-2021-37038


TITLE

Huawei  Vulnerabilities in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015796

DESCRIPTION

There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. Huawei Smartphone products have unspecified vulnerabilities.Information may be obtained. Huawei Emui is a mobile operating system developed based on Android. Magic Ui is a mobile operating system developed based on Android

Trust: 1.71

sources: NVD: CVE-2021-37038 // JVNDB: JVNDB-2021-015796 // VULHUB: VHN-398871

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015796 // NVD: CVE-2021-37038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37038
value: HIGH

Trust: 1.0

NVD: CVE-2021-37038
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202112-460
value: HIGH

Trust: 0.6

VULHUB: VHN-398871
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37038
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398871
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37038
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37038
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398871 // JVNDB: JVNDB-2021-015796 // CNNVD: CNNVD-202112-460 // NVD: CVE-2021-37038

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

problemtype:CWE-863

Trust: 0.1

sources: VULHUB: VHN-398871 // JVNDB: JVNDB-2021-015796 // NVD: CVE-2021-37038

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202112-460

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202112-460

PATCH

title:HUAWEI EMUI/Magic UI security updates September 2021url:https://consumer.huawei.com/en/support/bulletin/2021/9/

Trust: 0.8

title:Huawei Smartphone Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173132

Trust: 0.6

sources: JVNDB: JVNDB-2021-015796 // CNNVD: CNNVD-202112-460

EXTERNAL IDS

db:NVDid:CVE-2021-37038

Trust: 3.3

db:JVNDBid:JVNDB-2021-015796

Trust: 0.8

db:CNNVDid:CNNVD-202112-460

Trust: 0.6

db:CNVDid:CNVD-2021-102853

Trust: 0.1

db:VULHUBid:VHN-398871

Trust: 0.1

sources: VULHUB: VHN-398871 // JVNDB: JVNDB-2021-015796 // CNNVD: CNNVD-202112-460 // NVD: CVE-2021-37038

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/9/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37038

Trust: 1.4

sources: VULHUB: VHN-398871 // JVNDB: JVNDB-2021-015796 // CNNVD: CNNVD-202112-460 // NVD: CVE-2021-37038

SOURCES

db:VULHUBid:VHN-398871
db:JVNDBid:JVNDB-2021-015796
db:CNNVDid:CNNVD-202112-460
db:NVDid:CVE-2021-37038

LAST UPDATE DATE

2024-08-14T15:01:15.890000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398871date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-015796date:2022-11-30T05:12:00
db:CNNVDid:CNNVD-202112-460date:2022-07-14T00:00:00
db:NVDid:CVE-2021-37038date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-398871date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-015796date:2022-11-30T00:00:00
db:CNNVDid:CNNVD-202112-460date:2021-12-07T00:00:00
db:NVDid:CVE-2021-37038date:2021-12-07T16:15:07.377