ID

VAR-202202-1312


CVE

CVE-2021-37109


TITLE

EMUI  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-005124

DESCRIPTION

There is a security protection bypass vulnerability with the modem.Successful exploitation of this vulnerability may cause memory protection failure. EMUI Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Huawei Emui is an Android-based mobile operating system developed by China's Huawei (Huawei)

Trust: 1.71

sources: NVD: CVE-2021-37109 // JVNDB: JVNDB-2022-005124 // VULHUB: VHN-398944

AFFECTED PRODUCTS

vendor:huaweimodel:emuiscope:eqversion:12.0.0

Trust: 1.0

vendor:huaweimodel:emuiscope: - version: -

Trust: 0.8

vendor:huaweimodel:emuiscope:eqversion: -

Trust: 0.8

sources: JVNDB: JVNDB-2022-005124 // NVD: CVE-2021-37109

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-37109
value: HIGH

Trust: 1.0

NVD: CVE-2021-37109
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202202-854
value: HIGH

Trust: 0.6

VULHUB: VHN-398944
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-37109
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-398944
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-37109
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-37109
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-398944 // JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854 // NVD: CVE-2021-37109

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2022-005124 // NVD: CVE-2021-37109

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202202-854

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202202-854

PATCH

title:HUAWEI EMUI/Magic UI security updates February 2022url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 0.8

title:HUAWEI EMUI Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=184116

Trust: 0.6

sources: JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854

EXTERNAL IDS

db:NVDid:CVE-2021-37109

Trust: 3.3

db:JVNDBid:JVNDB-2022-005124

Trust: 0.8

db:CNNVDid:CNNVD-202202-854

Trust: 0.6

db:CNVDid:CNVD-2022-12801

Trust: 0.1

db:VULHUBid:VHN-398944

Trust: 0.1

sources: VULHUB: VHN-398944 // JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854 // NVD: CVE-2021-37109

REFERENCES

url:https://consumer.huawei.com/en/support/bulletin/2022/2/

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-37109

Trust: 1.4

sources: VULHUB: VHN-398944 // JVNDB: JVNDB-2022-005124 // CNNVD: CNNVD-202202-854 // NVD: CVE-2021-37109

SOURCES

db:VULHUBid:VHN-398944
db:JVNDBid:JVNDB-2022-005124
db:CNNVDid:CNNVD-202202-854
db:NVDid:CVE-2021-37109

LAST UPDATE DATE

2024-08-14T15:06:28.495000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-398944date:2022-07-12T00:00:00
db:JVNDBid:JVNDB-2022-005124date:2023-05-18T07:52:00
db:CNNVDid:CNNVD-202202-854date:2022-07-14T00:00:00
db:NVDid:CVE-2021-37109date:2022-07-12T17:42:04.277

SOURCES RELEASE DATE

db:VULHUBid:VHN-398944date:2022-02-09T00:00:00
db:JVNDBid:JVNDB-2022-005124date:2023-05-18T00:00:00
db:CNNVDid:CNNVD-202202-854date:2022-02-09T00:00:00
db:NVDid:CVE-2021-37109date:2022-02-09T23:15:15.943