ID

VAR-202112-0247


CVE

CVE-2021-37067


TITLE

Huawei  Information disclosure vulnerability in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2021-015982

DESCRIPTION

There is a Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to Confidentiality impacted. Huawei Smartphones are vulnerable to information disclosure.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-37067 // JVNDB: JVNDB-2021-015982 // VULHUB: VHN-398901

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015982 // NVD: CVE-2021-37067

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37067
value: HIGH

Trust: 1.0

NVD: CVE-2021-37067
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-2012
value: HIGH

Trust: 0.6

VULHUB: VHN-398901
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37067
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398901
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37067
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37067
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398901 // JVNDB: JVNDB-2021-015982 // CNNVD: CNNVD-202109-2012 // NVD: CVE-2021-37067

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

problemtype:information leak (CWE-200) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398901 // JVNDB: JVNDB-2021-015982 // NVD: CVE-2021-37067

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2012

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202109-2012

PATCH

title:security-bulletins-202109-0000001196270727url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173491

Trust: 0.6

sources: JVNDB: JVNDB-2021-015982 // CNNVD: CNNVD-202109-2012

EXTERNAL IDS

db:NVDid:CVE-2021-37067

Trust: 3.3

db:JVNDBid:JVNDB-2021-015982

Trust: 0.8

db:CNNVDid:CNNVD-202109-2012

Trust: 0.6

db:VULHUBid:VHN-398901

Trust: 0.1

sources: VULHUB: VHN-398901 // JVNDB: JVNDB-2021-015982 // CNNVD: CNNVD-202109-2012 // NVD: CVE-2021-37067

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37067

Trust: 1.4

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398901 // JVNDB: JVNDB-2021-015982 // CNNVD: CNNVD-202109-2012 // NVD: CVE-2021-37067

SOURCES

db:VULHUBid:VHN-398901
db:JVNDBid:JVNDB-2021-015982
db:CNNVDid:CNNVD-202109-2012
db:NVDid:CVE-2021-37067

LAST UPDATE DATE

2024-08-14T14:02:55.174000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398901date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015982date:2022-12-05T03:12:00
db:CNNVDid:CNNVD-202109-2012date:2021-12-14T00:00:00
db:NVDid:CVE-2021-37067date:2021-12-09T17:38:10.913

SOURCES RELEASE DATE

db:VULHUBid:VHN-398901date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-015982date:2022-12-05T00:00:00
db:CNNVDid:CNNVD-202109-2012date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37067date:2021-12-07T17:15:08.883