Details of VAR-202202-1311

ID

VAR-202202-1311

CVE

CVE-2021-39986

TITLE

EMUI Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005122

DESCRIPTION

There is an unauthorized rewriting vulnerability with the memory access management module on ACPU.Successful exploitation of this vulnerability may affect service confidentiality. EMUI Exists in unspecified vulnerabilities.Information may be obtained. Huawei Emui is an Android-based mobile operating system developed by China's Huawei (Huawei)

Trust: 1.71

sources: NVD: CVE-2021-39986 // JVNDB: JVNDB-2022-005122 // VULHUB: VHN-401387

AFFECTED PRODUCTS

vendor:

huawei

model:

emui

scope:

version:

12.0.0

Trust: 1.0

sources: NVD: CVE-2021-39986

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-39986
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-39986
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202202-856
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-401387
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-39986
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-401387
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-39986
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-39986
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-401387 // JVNDB: JVNDB-2022-005122 // CNNVD: CNNVD-202202-856 // NVD: CVE-2021-39986

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-005122 // NVD: CVE-2021-39986

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-856

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-856

PATCH

title:	HUAWEI EMUI/Magic UI security updates February 2022	url:	https://consumer.huawei.com/en/support/bulletin/2022/2/	Trust: 0.8
title:	HUAWEI EMUI Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184118	Trust: 0.6

sources: JVNDB: JVNDB-2022-005122 // CNNVD: CNNVD-202202-856

EXTERNAL IDS

db:	NVD	id:	CVE-2021-39986	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-005122	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-856	Trust: 0.6
db:	CNVD	id:	CNVD-2022-12802	Trust: 0.1
db:	VULHUB	id:	VHN-401387	Trust: 0.1

sources: VULHUB: VHN-401387 // JVNDB: JVNDB-2022-005122 // CNNVD: CNNVD-202202-856 // NVD: CVE-2021-39986

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/2/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39986	Trust: 1.4

sources: VULHUB: VHN-401387 // JVNDB: JVNDB-2022-005122 // CNNVD: CNNVD-202202-856 // NVD: CVE-2021-39986

SOURCES

db:	VULHUB	id:	VHN-401387
db:	JVNDB	id:	JVNDB-2022-005122
db:	CNNVD	id:	CNNVD-202202-856
db:	NVD	id:	CVE-2021-39986

LAST UPDATE DATE

2024-08-14T15:21:54.413000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-401387	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-005122	date:	2023-05-18T07:52:00
db:	CNNVD	id:	CNNVD-202202-856	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-39986	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-401387	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005122	date:	2023-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202202-856	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-39986	date:	2022-02-09T23:15:16.087