Details of VAR-202112-0343

ID

VAR-202112-0343

CVE

CVE-2021-37092

TITLE

plural Huawei Incomplete Cleanup Vulnerability in Smartphone Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015866

DESCRIPTION

There is a Incomplete Cleanup vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to availability affected. plural Huawei An incomplete cleanup vulnerability exists in smartphone products.Service operation interruption (DoS) It may be in a state. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. HUAWEI HarmonyOS has a resource management error vulnerability. This vulnerability is caused by a resource not closing or releasing vulnerability in a certain component of HarmonyOS. No detailed vulnerability details were provided at this time

Trust: 1.71

sources: NVD: CVE-2021-37092 // JVNDB: JVNDB-2021-015866 // VULHUB: VHN-398928

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	9.1.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015866 // NVD: CVE-2021-37092

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37092
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-37092
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202109-2038
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398928
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37092
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398928
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37092
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37092
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038 // NVD: CVE-2021-37092

PROBLEMTYPE DATA

problemtype:	CWE-459	Trust: 1.1
problemtype:	incomplete cleanup (CWE-459) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // NVD: CVE-2021-37092

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2038

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202109-2038

PATCH

title:	Memory leakage vulnerability in some HUAWEI devices	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.8
title:	Huawei HarmonyOS Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173795	Trust: 0.6

sources: JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37092	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015866	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-2038	Trust: 0.6
db:	CNVD	id:	CNVD-2022-08328	Trust: 0.1
db:	VULHUB	id:	VHN-398928	Trust: 0.1

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038 // NVD: CVE-2021-37092

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/10/	Trust: 1.7
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37092	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.6

sources: VULHUB: VHN-398928 // JVNDB: JVNDB-2021-015866 // CNNVD: CNNVD-202109-2038 // NVD: CVE-2021-37092

SOURCES

db:	VULHUB	id:	VHN-398928
db:	JVNDB	id:	JVNDB-2021-015866
db:	CNNVD	id:	CNNVD-202109-2038
db:	NVD	id:	CVE-2021-37092

LAST UPDATE DATE

2024-08-14T14:11:10.103000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398928	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015866	date:	2022-12-01T03:15:00
db:	CNNVD	id:	CNNVD-202109-2038	date:	2021-12-10T00:00:00
db:	NVD	id:	CVE-2021-37092	date:	2021-12-09T17:59:00.210

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398928	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-015866	date:	2022-12-01T00:00:00
db:	CNNVD	id:	CNNVD-202109-2038	date:	2021-09-05T00:00:00
db:	NVD	id:	CVE-2021-37092	date:	2021-12-08T15:15:09.920