ID

VAR-202202-0420


CVE

CVE-2021-39994


TITLE

EMUI  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005387

DESCRIPTION

There is an arbitrary address access vulnerability with the product line test code.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. EMUI Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei EMUI is an Android-based mobile operating system developed by China's Huawei (Huawei). An attacker could exploit this vulnerability to execute arbitrary code on the system

Trust: 1.71

sources: NVD: CVE-2021-39994 // JVNDB: JVNDB-2022-005387 // VULHUB: VHN-401395

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005387 // NVD: CVE-2021-39994

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-39994
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-39994
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-202202-859
value: CRITICAL

Trust: 0.6

VULHUB: VHN-401395
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-39994
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-401395
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-39994
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-39994
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401395 // JVNDB: JVNDB-2022-005387 // CNNVD: CNNVD-202202-859 // NVD: CVE-2021-39994

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005387 // NVD: CVE-2021-39994

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202202-859

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-859

PATCH

title:HUAWEI EMUI/Magic UI security updates February 2022url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 0.8

title:Huawei EMUI Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184120

Trust: 0.6

sources: JVNDB: JVNDB-2022-005387 // CNNVD: CNNVD-202202-859

EXTERNAL IDS

db:NVDid:CVE-2021-39994

Trust: 3.3

db:JVNDBid:JVNDB-2022-005387

Trust: 0.8

db:CNNVDid:CNNVD-202202-859

Trust: 0.6

db:CNVDid:CNVD-2022-64481

Trust: 0.1

db:VULHUBid:VHN-401395

Trust: 0.1

sources: VULHUB: VHN-401395 // JVNDB: JVNDB-2022-005387 // CNNVD: CNNVD-202202-859 // NVD: CVE-2021-39994

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-39994

Trust: 1.4

sources: VULHUB: VHN-401395 // JVNDB: JVNDB-2022-005387 // CNNVD: CNNVD-202202-859 // NVD: CVE-2021-39994

SOURCES

db:VULHUBid:VHN-401395
db:JVNDBid:JVNDB-2022-005387
db:CNNVDid:CNNVD-202202-859
db:NVDid:CVE-2021-39994

LAST UPDATE DATE

2024-08-14T14:31:22.317000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-401395date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2022-005387date:2023-05-30T05:07:00
db:CNNVDid:CNNVD-202202-859date:2022-07-14T00:00:00
db:NVDid:CVE-2021-39994date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-401395date:2022-02-09T00:00:00
db:JVNDBid:JVNDB-2022-005387date:2023-05-30T00:00:00
db:CNNVDid:CNNVD-202202-859date:2022-02-09T00:00:00
db:NVDid:CVE-2021-39994date:2022-02-09T23:15:16.233