Details of VAR-202202-0422

ID

VAR-202202-0422

CVE

CVE-2021-37115

TITLE

EMUI Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005123

DESCRIPTION

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. EMUI Exists in unspecified vulnerabilities.Information may be obtained. Huawei EMUI is an Android-based mobile operating system developed by China's Huawei (Huawei). An attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.71

sources: NVD: CVE-2021-37115 // JVNDB: JVNDB-2022-005123 // VULHUB: VHN-398951

AFFECTED PRODUCTS

vendor:

huawei

model:

emui

scope:

version:

12.0.0

Trust: 1.0

sources: NVD: CVE-2021-37115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37115
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-37115
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-855
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-398951
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-37115
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398951
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37115
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37115
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398951 // JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855 // NVD: CVE-2021-37115

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-005123 // NVD: CVE-2021-37115

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-855

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-855

PATCH

title:	HUAWEI EMUI/Magic UI security updates February 2022	url:	https://consumer.huawei.com/en/support/bulletin/2022/2/	Trust: 0.8
title:	HUAWEI EMUI Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184117	Trust: 0.6

sources: JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37115	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-005123	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-855	Trust: 0.6
db:	CNVD	id:	CNVD-2022-64484	Trust: 0.1
db:	VULHUB	id:	VHN-398951	Trust: 0.1

sources: VULHUB: VHN-398951 // JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855 // NVD: CVE-2021-37115

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/2/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37115	Trust: 1.4

sources: VULHUB: VHN-398951 // JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855 // NVD: CVE-2021-37115

SOURCES

db:	VULHUB	id:	VHN-398951
db:	JVNDB	id:	JVNDB-2022-005123
db:	CNNVD	id:	CNNVD-202202-855
db:	NVD	id:	CVE-2021-37115

LAST UPDATE DATE

2024-08-14T13:42:59.517000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398951	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-005123	date:	2023-05-18T07:52:00
db:	CNNVD	id:	CNNVD-202202-855	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-37115	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398951	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005123	date:	2023-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202202-855	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-37115	date:	2022-02-09T23:15:15.983