Details of VAR-202112-0342

ID

VAR-202112-0342

CVE

CVE-2021-37093

TITLE

plural Huawei Vulnerabilities in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015867

DESCRIPTION

There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. plural Huawei Smartphone products have unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. The vulnerability is caused by a component of the product that does not effectively authenticate user identities. No detailed vulnerability details were provided at this time

Trust: 1.71

sources: NVD: CVE-2021-37093 // JVNDB: JVNDB-2021-015867 // VULHUB: VHN-398929

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015867 // NVD: CVE-2021-37093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37093
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-37093
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202109-2028
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-398929
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37093
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398929
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37093
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37093
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398929 // JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028 // NVD: CVE-2021-37093

PROBLEMTYPE DATA

problemtype:	NVD-CWE-Other	Trust: 1.0
problemtype:	others (CWE-Other) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-015867 // NVD: CVE-2021-37093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2028

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202109-2028

PATCH

title:	Improper access control vulnerability in some HUAWEI devices	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.8
title:	Huawei HarmonyOS Fixes for access control error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173791	Trust: 0.6

sources: JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37093	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015867	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-2028	Trust: 0.6
db:	CNVD	id:	CNVD-2022-08327	Trust: 0.1
db:	VULHUB	id:	VHN-398929	Trust: 0.1

sources: VULHUB: VHN-398929 // JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028 // NVD: CVE-2021-37093

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/10/	Trust: 1.7
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37093	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.6

sources: VULHUB: VHN-398929 // JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028 // NVD: CVE-2021-37093

SOURCES

db:	VULHUB	id:	VHN-398929
db:	JVNDB	id:	JVNDB-2021-015867
db:	CNNVD	id:	CNNVD-202109-2028
db:	NVD	id:	CVE-2021-37093

LAST UPDATE DATE

2024-08-14T14:50:03.418000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398929	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2021-015867	date:	2022-12-01T03:15:00
db:	CNNVD	id:	CNNVD-202109-2028	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-37093	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398929	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-015867	date:	2022-12-01T00:00:00
db:	CNNVD	id:	CNNVD-202109-2028	date:	2021-09-05T00:00:00
db:	NVD	id:	CVE-2021-37093	date:	2021-12-08T15:15:09.973