ID

VAR-202112-0354


CVE

CVE-2021-37039


TITLE

plural  Huawei  Input validation vulnerability in smartphone products

Trust: 0.8

sources: JVNDB: JVNDB-2021-015890

DESCRIPTION

There is an Input verification vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may cause Bluetooth DoS. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. No detailed vulnerability details were provided at this time

Trust: 1.71

sources: NVD: CVE-2021-37039 // JVNDB: JVNDB-2021-015890 // VULHUB: VHN-398872

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:11.0.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:4.0.0

Trust: 1.0

vendor:huaweimodel:harmonyosscope:ltversion:2.0

Trust: 1.0

vendor:huaweimodel:magic uiscope:eqversion:3.1.1

Trust: 1.0

vendor:huaweimodel:emuiscope:eqversion:10.1.1

Trust: 1.0

vendor:huaweimodel:harmonyosscope: - version: -

Trust: 0.8

vendor:huaweimodel:magic uiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-015890 // NVD: CVE-2021-37039

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37039
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-37039
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202109-2035
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398872
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-37039
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398872
severity: LOW
baseScore: 3.3
vectorString: AV:A/AC:L/AU:N/C:N/I:N/A:P
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 6.5
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37039
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37039
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398872 // JVNDB: JVNDB-2021-015890 // CNNVD: CNNVD-202109-2035 // NVD: CVE-2021-37039

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:Inappropriate input confirmation (CWE-20) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-398872 // JVNDB: JVNDB-2021-015890 // NVD: CVE-2021-37039

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202109-2035

TYPE

input validation error

Trust: 0.6

sources: CNNVD: CNNVD-202109-2035

PATCH

title:Input verification vulnerability in some HUAWEI phonesurl:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.8

title:Huawei HarmonyOS Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=173793

Trust: 0.6

sources: JVNDB: JVNDB-2021-015890 // CNNVD: CNNVD-202109-2035

EXTERNAL IDS

db:NVDid:CVE-2021-37039

Trust: 3.3

db:JVNDBid:JVNDB-2021-015890

Trust: 0.8

db:CNNVDid:CNNVD-202109-2035

Trust: 0.6

db:CNVDid:CNVD-2022-08330

Trust: 0.1

db:VULHUBid:VHN-398872

Trust: 0.1

sources: VULHUB: VHN-398872 // JVNDB: JVNDB-2021-015890 // CNNVD: CNNVD-202109-2035 // NVD: CVE-2021-37039

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2021/9/

Trust: 1.7

url:https://device.harmonyos.com/en/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37039

Trust: 0.8

url:https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202109-0000001196270727

Trust: 0.6

sources: VULHUB: VHN-398872 // JVNDB: JVNDB-2021-015890 // CNNVD: CNNVD-202109-2035 // NVD: CVE-2021-37039

SOURCES

db:VULHUBid:VHN-398872
db:JVNDBid:JVNDB-2021-015890
db:CNNVDid:CNNVD-202109-2035
db:NVDid:CVE-2021-37039

LAST UPDATE DATE

2024-08-14T13:53:44.598000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398872date:2021-12-09T00:00:00
db:JVNDBid:JVNDB-2021-015890date:2022-12-01T07:34:00
db:CNNVDid:CNNVD-202109-2035date:2021-12-10T00:00:00
db:NVDid:CVE-2021-37039date:2021-12-09T17:52:24.587

SOURCES RELEASE DATE

db:VULHUBid:VHN-398872date:2021-12-08T00:00:00
db:JVNDBid:JVNDB-2021-015890date:2022-12-01T00:00:00
db:CNNVDid:CNNVD-202109-2035date:2021-09-05T00:00:00
db:NVDid:CVE-2021-37039date:2021-12-08T15:15:09.210