Sign-up

ID

VAR-202202-1310


CVE

CVE-2021-39992


TITLE

EMUI  Vulnerability in improper permission assignment for critical resources in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005389

DESCRIPTION

There is an improper security permission configuration vulnerability on ACPU.Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability. (DoS) It may be in a state. Huawei EMUI is an Android-based mobile operating system developed by China's Huawei (Huawei). An attacker could exploit this vulnerability to execute arbitrary code on the system

Trust: 1.71

sources: NVD: CVE-2021-39992 // JVNDB: JVNDB-2022-005389 // VULHUB: VHN-401393

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005389 // NVD: CVE-2021-39992

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-39992
value: HIGH

Trust: 1.0

NVD: CVE-2021-39992
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202202-858
value: HIGH

Trust: 0.6

VULHUB: VHN-401393
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-39992
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-401393
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-39992
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-39992
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-401393 // JVNDB: JVNDB-2022-005389 // CNNVD: CNNVD-202202-858 // NVD: CVE-2021-39992

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401393 // JVNDB: JVNDB-2022-005389 // NVD: CVE-2021-39992

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-858

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-858

PATCH

title:HUAWEI EMUI/Magic UI security updates February 2022url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 0.8

title:HUAWEI EMUI Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184119

Trust: 0.6

sources: JVNDB: JVNDB-2022-005389 // CNNVD: CNNVD-202202-858

EXTERNAL IDS

db:NVDid:CVE-2021-39992

Trust: 3.3

db:JVNDBid:JVNDB-2022-005389

Trust: 0.8

db:CNNVDid:CNNVD-202202-858

Trust: 0.6

db:CNVDid:CNVD-2022-64482

Trust: 0.1

db:VULHUBid:VHN-401393

Trust: 0.1

sources: VULHUB: VHN-401393 // JVNDB: JVNDB-2022-005389 // CNNVD: CNNVD-202202-858 // NVD: CVE-2021-39992

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-39992

Trust: 1.4

sources: VULHUB: VHN-401393 // JVNDB: JVNDB-2022-005389 // CNNVD: CNNVD-202202-858 // NVD: CVE-2021-39992

SOURCES

db:VULHUBid:VHN-401393
db:JVNDBid:JVNDB-2022-005389
db:CNNVDid:CNNVD-202202-858
db:NVDid:CVE-2021-39992

LAST UPDATE DATE

2024-08-14T14:49:54.901000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-401393date:2022-02-16T00:00:00
db:JVNDBid:JVNDB-2022-005389date:2023-05-30T05:09:00
db:CNNVDid:CNNVD-202202-858date:2022-03-10T00:00:00
db:NVDid:CVE-2021-39992date:2022-02-16T01:52:28.310

SOURCES RELEASE DATE

db:VULHUBid:VHN-401393date:2022-02-09T00:00:00
db:JVNDBid:JVNDB-2022-005389date:2023-05-30T00:00:00
db:CNNVDid:CNNVD-202202-858date:2022-02-09T00:00:00
db:NVDid:CVE-2021-39992date:2022-02-09T23:15:16.190