ID

VAR-202112-0346


CVE

CVE-2021-37054


TITLE

plural  Huawei  Authentication Vulnerability in Smartphone Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015862

DESCRIPTION

There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. plural Huawei Smartphone products contain an authentication vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-37054 // JVNDB: JVNDB-2021-015862 // VULHUB: VHN-398887

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015862 // NVD: CVE-2021-37054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37054
value: HIGH

Trust: 1.0

NVD: CVE-2021-37054
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202109-2017
value: HIGH

Trust: 0.6

VULHUB: VHN-398887
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37054
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398887
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37054
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37054
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017 // NVD: CVE-2021-37054

PROBLEMTYPE DATA

problemtype:CWE-287

Trust: 1.1

problemtype:Inappropriate authentication (CWE-287) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // NVD: CVE-2021-37054

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2017

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-2017

PATCH

title:Identity spoofing and authentication bypass vulnerability in some HUAWEI phonesurl:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173785

Trust: 0.6

sources: JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017

EXTERNAL IDS

db:NVDid:CVE-2021-37054

Trust: 3.3

db:JVNDBid:JVNDB-2021-015862

Trust: 0.8

db:CNNVDid:CNNVD-202109-2017

Trust: 0.6

db:VULHUBid:VHN-398887

Trust: 0.1

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017 // NVD: CVE-2021-37054

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/9/

Trust: 1.7

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37054

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017 // NVD: CVE-2021-37054

SOURCES

db:VULHUBid:VHN-398887
db:JVNDBid:JVNDB-2021-015862
db:CNNVDid:CNNVD-202109-2017
db:NVDid:CVE-2021-37054

LAST UPDATE DATE

2024-08-14T15:22:02.764000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398887date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015862date:2022-12-01T03:15:00
db:CNNVDid:CNNVD-202109-2017date:2021-12-10T00:00:00
db:NVDid:CVE-2021-37054date:2021-12-09T17:52:37.077

SOURCES RELEASE DATE

db:VULHUBid:VHN-398887date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-015862date:2022-12-01T00:00:00
db:CNNVDid:CNNVD-202109-2017date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37054date:2021-12-08T15:15:09.700