ID

VAR-202112-0222


CVE

CVE-2021-37100


TITLE

Huawei  Authentication Vulnerability in Smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-015946

DESCRIPTION

There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to account authentication bypassed. Huawei Smartphones have an authentication vulnerability.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. There is a security vulnerability in Huawei HarmonyOS, which is caused by a component of the product that does not effectively authenticate user identities

Trust: 1.71

sources: NVD: CVE-2021-37100 // JVNDB: JVNDB-2021-015946 // VULHUB: VHN-398937

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015946 // NVD: CVE-2021-37100

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37100
value: HIGH

Trust: 1.0

NVD: CVE-2021-37100
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-2023
value: HIGH

Trust: 0.6

VULHUB: VHN-398937
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37100
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398937
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37100
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37100
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023 // NVD: CVE-2021-37100

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // NVD: CVE-2021-37100

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2023

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-2023

PATCH

title:security-bulletins-202109-0000001196270727url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173501

Trust: 0.6

sources: JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023

EXTERNAL IDS

db:NVDid:CVE-2021-37100

Trust: 3.3

db:JVNDBid:JVNDB-2021-015946

Trust: 0.8

db:CNNVDid:CNNVD-202109-2023

Trust: 0.6

db:CNVDid:CNVD-2021-103533

Trust: 0.1

db:VULHUBid:VHN-398937

Trust: 0.1

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023 // NVD: CVE-2021-37100

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37100

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398937 // JVNDB: JVNDB-2021-015946 // CNNVD: CNNVD-202109-2023 // NVD: CVE-2021-37100

SOURCES

db:VULHUBid:VHN-398937
db:JVNDBid:JVNDB-2021-015946
db:CNNVDid:CNNVD-202109-2023
db:NVDid:CVE-2021-37100

LAST UPDATE DATE

2024-08-14T15:01:15.817000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398937date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015946date:2022-12-05T01:40:00
db:CNNVDid:CNNVD-202109-2023date:2021-12-10T00:00:00
db:NVDid:CVE-2021-37100date:2021-12-09T17:32:52.810

SOURCES RELEASE DATE

db:VULHUBid:VHN-398937date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-015946date:2022-12-05T00:00:00
db:CNNVDid:CNNVD-202109-2023date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37100date:2021-12-07T17:15:09.980