Details of VAR-202202-1312

ID

VAR-202202-1312

CVE

CVE-2021-37109

TITLE

EMUI Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005124

DESCRIPTION

There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure. EMUI Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei Emui is an Android-based mobile operating system developed by China's Huawei (Huawei)

Trust: 1.71

sources: NVD: CVE-2021-37109 // JVNDB: JVNDB-2022-005124 // VULHUB: VHN-398944

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-005124 // NVD: CVE-2021-37109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-37109
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-37109
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202202-854
value:	HIGH
Trust: 0.6
VULHUB:	VHN-398944
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-37109
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-398944
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-37109
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-37109
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-398944 // JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854 // NVD: CVE-2021-37109

PROBLEMTYPE DATA

problemtype:	NVD-CWE-noinfo	Trust: 1.0
problemtype:	Lack of information (CWE-noinfo) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2022-005124 // NVD: CVE-2021-37109

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-854

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-854

PATCH

title:	HUAWEI EMUI/Magic UI security updates February 2022	url:	https://consumer.huawei.com/en/support/bulletin/2022/2/	Trust: 0.8
title:	HUAWEI EMUI Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184116	Trust: 0.6

sources: JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854

EXTERNAL IDS

db:	NVD	id:	CVE-2021-37109	Trust: 3.3
db:	JVNDB	id:	JVNDB-2022-005124	Trust: 0.8
db:	CNNVD	id:	CNNVD-202202-854	Trust: 0.6
db:	CNVD	id:	CNVD-2022-12801	Trust: 0.1
db:	VULHUB	id:	VHN-398944	Trust: 0.1

sources: VULHUB: VHN-398944 // JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854 // NVD: CVE-2021-37109

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/2/	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-37109	Trust: 1.4

sources: VULHUB: VHN-398944 // JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854 // NVD: CVE-2021-37109

SOURCES

db:	VULHUB	id:	VHN-398944
db:	JVNDB	id:	JVNDB-2022-005124
db:	CNNVD	id:	CNNVD-202202-854
db:	NVD	id:	CVE-2021-37109

LAST UPDATE DATE

2024-08-14T15:06:28.495000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-398944	date:	2022-07-12T00:00:00
db:	JVNDB	id:	JVNDB-2022-005124	date:	2023-05-18T07:52:00
db:	CNNVD	id:	CNNVD-202202-854	date:	2022-07-14T00:00:00
db:	NVD	id:	CVE-2021-37109	date:	2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-398944	date:	2022-02-09T00:00:00
db:	JVNDB	id:	JVNDB-2022-005124	date:	2023-05-18T00:00:00
db:	CNNVD	id:	CNNVD-202202-854	date:	2022-02-09T00:00:00
db:	NVD	id:	CVE-2021-37109	date:	2022-02-09T23:15:15.943