ID

VAR-202202-0422


CVE

CVE-2021-37115


TITLE

EMUI  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005123

DESCRIPTION

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. EMUI Exists in unspecified vulnerabilities.Information may be obtained. Huawei EMUI is an Android-based mobile operating system developed by China's Huawei (Huawei). An attacker could exploit this vulnerability to obtain sensitive information

Trust: 1.71

sources: NVD: CVE-2021-37115 // JVNDB: JVNDB-2022-005123 // VULHUB: VHN-398951

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

sources: NVD: CVE-2021-37115

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37115
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-37115
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202202-855
value: MEDIUM

Trust: 0.6

VULHUB: VHN-398951
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2021-37115
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398951
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37115
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-37115
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398951 // JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855 // NVD: CVE-2021-37115

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005123 // NVD: CVE-2021-37115

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-855

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-855

PATCH

title:HUAWEI EMUI/Magic UI security updates February 2022url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 0.8

title:HUAWEI EMUI Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184117

Trust: 0.6

sources: JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855

EXTERNAL IDS

db:NVDid:CVE-2021-37115

Trust: 3.3

db:JVNDBid:JVNDB-2022-005123

Trust: 0.8

db:CNNVDid:CNNVD-202202-855

Trust: 0.6

db:CNVDid:CNVD-2022-64484

Trust: 0.1

db:VULHUBid:VHN-398951

Trust: 0.1

sources: VULHUB: VHN-398951 // JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855 // NVD: CVE-2021-37115

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37115

Trust: 1.4

sources: VULHUB: VHN-398951 // JVNDB: JVNDB-2022-005123 // CNNVD: CNNVD-202202-855 // NVD: CVE-2021-37115

SOURCES

db:VULHUBid:VHN-398951
db:JVNDBid:JVNDB-2022-005123
db:CNNVDid:CNNVD-202202-855
db:NVDid:CVE-2021-37115

LAST UPDATE DATE

2024-08-14T13:42:59.517000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398951date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2022-005123date:2023-05-18T07:52:00
db:CNNVDid:CNNVD-202202-855date:2022-07-14T00:00:00
db:NVDid:CVE-2021-37115date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-398951date:2022-02-09T00:00:00
db:JVNDBid:JVNDB-2022-005123date:2023-05-18T00:00:00
db:CNNVDid:CNNVD-202202-855date:2022-02-09T00:00:00
db:NVDid:CVE-2021-37115date:2022-02-09T23:15:15.983