Details of VAR-202201-1023

ID

VAR-202201-1023

CVE

CVE-2021-40022

TITLE

HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002901

DESCRIPTION

The weaver module has a vulnerability in parameter type verification,Successful exploitation of this vulnerability may affect data confidentiality. HarmonyOS Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system

Trust: 1.71

sources: NVD: CVE-2021-40022 // JVNDB: JVNDB-2022-002901 // VULHUB: VHN-401423

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002901 // NVD: CVE-2021-40022

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-40022
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-40022
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202201-302
value:	HIGH
Trust: 0.6
VULHUB:	VHN-401423
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-40022
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-401423
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-40022
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-40022
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-401423 // JVNDB: JVNDB-2022-002901 // CNNVD: CNNVD-202201-302 // NVD: CVE-2021-40022

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002901 // NVD: CVE-2021-40022

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-302

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-302

PATCH

title:	security-bulletins-202201-0000001238736331	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331	Trust: 0.8
title:	Huawei HarmonyOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=178004	Trust: 0.6

sources: JVNDB: JVNDB-2022-002901 // CNNVD: CNNVD-202201-302

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40022	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-002901	Trust: 0.8
db:	CNNVD	id:	CNNVD-202201-302	Trust: 0.7
db:	CNVD	id:	CNVD-2022-08459	Trust: 0.1
db:	VULHUB	id:	VHN-401423	Trust: 0.1

sources: VULHUB: VHN-401423 // JVNDB: JVNDB-2022-002901 // CNNVD: CNNVD-202201-302 // NVD: CVE-2021-40022

REFERENCES

url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40022	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202201-0000001238736331	Trust: 0.6

sources: VULHUB: VHN-401423 // JVNDB: JVNDB-2022-002901 // CNNVD: CNNVD-202201-302 // NVD: CVE-2021-40022

SOURCES

db:	VULHUB	id:	VHN-401423
db:	JVNDB	id:	JVNDB-2022-002901
db:	CNNVD	id:	CNNVD-202201-302
db:	NVD	id:	CVE-2021-40022

LAST UPDATE DATE

2024-08-14T15:06:34.338000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-401423	date:	2022-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-002901	date:	2023-01-25T08:50:00
db:	CNNVD	id:	CNNVD-202201-302	date:	2022-01-17T00:00:00
db:	NVD	id:	CVE-2021-40022	date:	2022-01-13T03:17:45.520

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-401423	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002901	date:	2023-01-25T00:00:00
db:	CNNVD	id:	CNNVD-202201-302	date:	2022-01-05T00:00:00
db:	NVD	id:	CVE-2021-40022	date:	2022-01-10T14:10:21.653