Details of VAR-202112-0222

ID

VAR-202112-0222

CVE

CVE-2021-37100

TITLE

Huawei Authentication Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-015946

DESCRIPTION

There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. Huawei Smartphones have an authentication vulnerability.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a component of the product that does not effectively authenticate user identities

Trust: 1.71

sources: NVD: CVE-2021-37100 // JVNDB: JVNDB-2021-015946 // VULHUB: VHN-398937

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015946 // NVD: CVE-2021-37100

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37100
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-37100
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202109-2023
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398937
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37100
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398937
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37100
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37100
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023 // NVD: CVE-2021-37100

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // NVD: CVE-2021-37100

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2023

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-2023

PATCH

title:	security-bulletins-202109-0000001196270727	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.8
title:	Huawei HarmonyOS Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173501	Trust: 0.6

sources: JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37100	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015946	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-2023	Trust: 0.6
db:	CNVD	id:	CNVD-2021-103533	Trust: 0.1
db:	VULHUB	id:	VHN-398937	Trust: 0.1

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023 // NVD: CVE-2021-37100

REFERENCES

url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37100	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.6

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023 // NVD: CVE-2021-37100

SOURCES

db:	VULHUB	id:	VHN-398937
db:	JVNDB	id:	JVNDB-2021-015946
db:	CNNVD	id:	CNNVD-202109-2023
db:	NVD	id:	CVE-2021-37100

LAST UPDATE DATE

2024-08-14T15:01:15.817000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398937	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015946	date:	2022-12-05T01:40:00
db:	CNNVD	id:	CNNVD-202109-2023	date:	2021-12-10T00:00:00
db:	NVD	id:	CVE-2021-37100	date:	2021-12-09T17:32:52.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398937	date:	2021-12-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-015946	date:	2022-12-05T00:00:00
db:	CNNVD	id:	CNNVD-202109-2023	date:	2021-09-05T00:00:00
db:	NVD	id:	CVE-2021-37100	date:	2021-12-07T17:15:09.980