Details of VAR-202112-0346

ID

VAR-202112-0346

CVE

CVE-2021-37054

TITLE

plural Huawei Authentication Vulnerability in Smartphone Products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015862

DESCRIPTION

There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may affect service confidentiality. plural Huawei Smartphone products contain an authentication vulnerability.Information may be obtained

Trust: 1.71

sources: NVD: CVE-2021-37054 // JVNDB: JVNDB-2021-015862 // VULHUB: VHN-398887

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015862 // NVD: CVE-2021-37054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37054
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-37054
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202109-2017
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398887
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37054
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398887
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37054
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37054
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017 // NVD: CVE-2021-37054

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // NVD: CVE-2021-37054

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202109-2017

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202109-2017

PATCH

title:	Identity spoofing and authentication bypass vulnerability in some HUAWEI phones	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.8
title:	Huawei HarmonyOS Remediation measures for authorization problem vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173785	Trust: 0.6

sources: JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37054	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-015862	Trust: 0.8
db:	CNNVD	id:	CNNVD-202109-2017	Trust: 0.6
db:	VULHUB	id:	VHN-398887	Trust: 0.1

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017 // NVD: CVE-2021-37054

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2021/9/	Trust: 1.7
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37054	Trust: 0.8
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727	Trust: 0.6

sources: VULHUB: VHN-398887 // JVNDB: JVNDB-2021-015862 // CNNVD: CNNVD-202109-2017 // NVD: CVE-2021-37054

SOURCES

db:	VULHUB	id:	VHN-398887
db:	JVNDB	id:	JVNDB-2021-015862
db:	CNNVD	id:	CNNVD-202109-2017
db:	NVD	id:	CVE-2021-37054

LAST UPDATE DATE

2024-08-14T15:22:02.764000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398887	date:	2021-12-09T00:00:00
db:	JVNDB	id:	JVNDB-2021-015862	date:	2022-12-01T03:15:00
db:	CNNVD	id:	CNNVD-202109-2017	date:	2021-12-10T00:00:00
db:	NVD	id:	CVE-2021-37054	date:	2021-12-09T17:52:37.077

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398887	date:	2021-12-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-015862	date:	2022-12-01T00:00:00
db:	CNNVD	id:	CNNVD-202109-2017	date:	2021-09-05T00:00:00
db:	NVD	id:	CVE-2021-37054	date:	2021-12-08T15:15:09.700