ID

VAR-202112-0333


CVE

CVE-2021-37043


TITLE

plural  Huawei  Authentication Vulnerability in Smartphone Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015758

DESCRIPTION

There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to malicious application processes occupy system resources. plural Huawei Smartphone products contain an authentication vulnerability.Service operation interruption (DoS) It may be in a state

Trust: 1.71

sources: NVD: CVE-2021-37043 // JVNDB: JVNDB-2021-015758 // VULHUB: VHN-398876

AFFECTED PRODUCTS

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:9.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:9.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:2.1.0

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:11.0.1

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015758 // NVD: CVE-2021-37043

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37043
value: HIGH

Trust: 1.0

NVD: CVE-2021-37043
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-2064
value: HIGH

Trust: 0.6

VULHUB: VHN-398876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37043
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37043
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37043
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398876 // JVNDB: JVNDB-2021-015758 // CNNVD: CNNVD-202109-2064 // NVD: CVE-2021-37043

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398876 // JVNDB: JVNDB-2021-015758 // NVD: CVE-2021-37043

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2064

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-2064

PATCH

title:security-bulletins-202109-0000001196270727url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173239

Trust: 0.6

sources: JVNDB: JVNDB-2021-015758 // CNNVD: CNNVD-202109-2064

EXTERNAL IDS

db:NVDid:CVE-2021-37043

Trust: 3.3

db:JVNDBid:JVNDB-2021-015758

Trust: 0.8

db:CNNVDid:CNNVD-202109-2064

Trust: 0.6

db:VULHUBid:VHN-398876

Trust: 0.1

sources: VULHUB: VHN-398876 // JVNDB: JVNDB-2021-015758 // CNNVD: CNNVD-202109-2064 // NVD: CVE-2021-37043

REFERENCES

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37043

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398876 // JVNDB: JVNDB-2021-015758 // CNNVD: CNNVD-202109-2064 // NVD: CVE-2021-37043

SOURCES

db:VULHUBid:VHN-398876
db:JVNDBid:JVNDB-2021-015758
db:CNNVDid:CNNVD-202109-2064
db:NVDid:CVE-2021-37043

LAST UPDATE DATE

2024-08-14T13:53:44.623000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398876date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015758date:2022-11-30T01:35:00
db:CNNVDid:CNNVD-202109-2064date:2021-12-08T00:00:00
db:NVDid:CVE-2021-37043date:2021-12-09T17:48:30.133

SOURCES RELEASE DATE

db:VULHUBid:VHN-398876date:2021-12-07T00:00:00
db:JVNDBid:JVNDB-2021-015758date:2022-11-30T00:00:00
db:CNNVDid:CNNVD-202109-2064date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37043date:2021-12-07T17:15:08.387