ID

VAR-202202-0421


CVE

CVE-2021-39991


TITLE

EMUI  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005390

DESCRIPTION

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. EMUI Exists in unspecified vulnerabilities.Information may be obtained. Huawei Emui is an Android-based mobile operating system developed by China's Huawei (Huawei). An attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.71

sources: NVD: CVE-2021-39991 // JVNDB: JVNDB-2022-005390 // VULHUB: VHN-401392

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005390 // NVD: CVE-2021-39991

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-39991
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-39991
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202202-857
value: MEDIUM

Trust: 0.6

VULHUB: VHN-401392
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-39991
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-401392
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-39991
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-39991
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401392 // JVNDB: JVNDB-2022-005390 // CNNVD: CNNVD-202202-857 // NVD: CVE-2021-39991

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005390 // NVD: CVE-2021-39991

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-857

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-857

PATCH

title:HUAWEI EMUI/Magic UI security updates February 2022url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 0.8

title:Huawei Emui Fixes for other vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=182487

Trust: 0.6

sources: JVNDB: JVNDB-2022-005390 // CNNVD: CNNVD-202202-857

EXTERNAL IDS

db:NVDid:CVE-2021-39991

Trust: 3.3

db:JVNDBid:JVNDB-2022-005390

Trust: 0.8

db:CNNVDid:CNNVD-202202-857

Trust: 0.6

db:CNVDid:CNVD-2022-64483

Trust: 0.1

db:VULHUBid:VHN-401392

Trust: 0.1

sources: VULHUB: VHN-401392 // JVNDB: JVNDB-2022-005390 // CNNVD: CNNVD-202202-857 // NVD: CVE-2021-39991

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-39991

Trust: 1.4

sources: VULHUB: VHN-401392 // JVNDB: JVNDB-2022-005390 // CNNVD: CNNVD-202202-857 // NVD: CVE-2021-39991

SOURCES

db:VULHUBid:VHN-401392
db:JVNDBid:JVNDB-2022-005390
db:CNNVDid:CNNVD-202202-857
db:NVDid:CVE-2021-39991

LAST UPDATE DATE

2024-08-14T15:11:36.978000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-401392date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2022-005390date:2023-05-30T05:11:00
db:CNNVDid:CNNVD-202202-857date:2022-07-14T00:00:00
db:NVDid:CVE-2021-39991date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-401392date:2022-02-09T00:00:00
db:JVNDBid:JVNDB-2022-005390date:2023-05-30T00:00:00
db:CNNVDid:CNNVD-202202-857date:2022-02-09T00:00:00
db:NVDid:CVE-2021-39991date:2022-02-09T23:15:16.133