ID

VAR-202112-0342


CVE

CVE-2021-37093


TITLE

plural  Huawei  Vulnerabilities in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015867

DESCRIPTION

There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. plural Huawei Smartphone products have unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. The vulnerability is caused by a component of the product that does not effectively authenticate user identities. No detailed vulnerability details were provided at this time

Trust: 1.71

sources: NVD: CVE-2021-37093 // JVNDB: JVNDB-2021-015867 // VULHUB: VHN-398929

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015867 // NVD: CVE-2021-37093

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37093
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-37093
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202109-2028
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398929
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37093
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398929
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37093
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-37093
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398929 // JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028 // NVD: CVE-2021-37093

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:others (CWE-Other) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-015867 // NVD: CVE-2021-37093

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2028

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202109-2028

PATCH

title:Improper access control vulnerability in some HUAWEI devicesurl:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Fixes for access control error vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173791

Trust: 0.6

sources: JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028

EXTERNAL IDS

db:NVDid:CVE-2021-37093

Trust: 3.3

db:JVNDBid:JVNDB-2021-015867

Trust: 0.8

db:CNNVDid:CNNVD-202109-2028

Trust: 0.6

db:CNVDid:CNVD-2022-08327

Trust: 0.1

db:VULHUBid:VHN-398929

Trust: 0.1

sources: VULHUB: VHN-398929 // JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028 // NVD: CVE-2021-37093

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/10/

Trust: 1.7

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37093

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398929 // JVNDB: JVNDB-2021-015867 // CNNVD: CNNVD-202109-2028 // NVD: CVE-2021-37093

SOURCES

db:VULHUBid:VHN-398929
db:JVNDBid:JVNDB-2021-015867
db:CNNVDid:CNNVD-202109-2028
db:NVDid:CVE-2021-37093

LAST UPDATE DATE

2024-08-14T14:50:03.418000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398929date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2021-015867date:2022-12-01T03:15:00
db:CNNVDid:CNNVD-202109-2028date:2022-07-14T00:00:00
db:NVDid:CVE-2021-37093date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-398929date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-015867date:2022-12-01T00:00:00
db:CNNVDid:CNNVD-202109-2028date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37093date:2021-12-08T15:15:09.973