Details of VAR-202201-1068

ID

VAR-202201-1068

CVE

CVE-2021-40032

TITLE

HarmonyOS Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-002895

DESCRIPTION

The bone voice ID TA has a vulnerability in information management,Successful exploitation of this vulnerability may affect data confidentiality. HarmonyOS Exists in unspecified vulnerabilities.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. An attacker could exploit this vulnerability to compromise confidentiality. No detailed vulnerability details are currently available

Trust: 1.71

sources: NVD: CVE-2021-40032 // JVNDB: JVNDB-2022-002895 // VULHUB: VHN-401433

AFFECTED PRODUCTS

vendor:	huawei	model:	harmonyos	scope:	lt	version:	2.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-002895 // NVD: CVE-2021-40032

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-40032
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-40032
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202201-272
value:	HIGH
Trust: 0.6
VULHUB:	VHN-401433
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-40032
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-401433
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-40032
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-40032
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-401433 // JVNDB: JVNDB-2022-002895 // CNNVD: CNNVD-202201-272 // NVD: CVE-2021-40032

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-002895 // NVD: CVE-2021-40032

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202201-272

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202201-272

PATCH

title:	security-bulletins-202201-0000001238736331	url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331	Trust: 0.8
title:	Huawei HarmonyOS Security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=177992	Trust: 0.6

sources: JVNDB: JVNDB-2022-002895 // CNNVD: CNNVD-202201-272

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40032	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-002895	Trust: 0.8
db:	CNNVD	id:	CNNVD-202201-272	Trust: 0.6
db:	CNVD	id:	CNVD-2022-08451	Trust: 0.1
db:	VULHUB	id:	VHN-401433	Trust: 0.1

sources: VULHUB: VHN-401433 // JVNDB: JVNDB-2022-002895 // CNNVD: CNNVD-202201-272 // NVD: CVE-2021-40032

REFERENCES

url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202201-0000001238736331	Trust: 1.7
url:	https://consumer.huawei.com/en/support/bulletin/2023/7/	Trust: 1.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-202307-0000001587168858	Trust: 1.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40032	Trust: 1.4
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202307-0000001587168858	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202201-0000001238736331	Trust: 0.6

sources: VULHUB: VHN-401433 // JVNDB: JVNDB-2022-002895 // CNNVD: CNNVD-202201-272 // NVD: CVE-2021-40032

SOURCES

db:	VULHUB	id:	VHN-401433
db:	JVNDB	id:	JVNDB-2022-002895
db:	CNNVD	id:	CNNVD-202201-272
db:	NVD	id:	CVE-2021-40032

LAST UPDATE DATE

2024-08-14T15:32:54.700000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-401433	date:	2022-01-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-002895	date:	2023-01-25T07:36:00
db:	CNNVD	id:	CNNVD-202201-272	date:	2023-07-07T00:00:00
db:	NVD	id:	CVE-2021-40032	date:	2023-07-06T14:15:10.450

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-401433	date:	2022-01-10T00:00:00
db:	JVNDB	id:	JVNDB-2022-002895	date:	2023-01-25T00:00:00
db:	CNNVD	id:	CNNVD-202201-272	date:	2022-01-05T00:00:00
db:	NVD	id:	CVE-2021-40032	date:	2022-01-10T14:10:22.200