Details of VAR-202203-0263

ID

VAR-202203-0263

CVE

CVE-2021-40054

TITLE

Huawei of EMUI and Magic UI Integer Underflow Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-018710

DESCRIPTION

There is an integer underflow vulnerability in the atcmdserver module. Successful exploitation of this vulnerability may affect integrity. Huawei of EMUI and Magic UI Exists in an integer underflow vulnerability.Information may be tampered with

Trust: 1.71

sources: NVD: CVE-2021-40054 // JVNDB: JVNDB-2021-018710 // VULHUB: VHN-401455

AFFECTED PRODUCTS

vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	3.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	huawei	model:	emui	scope:	eq	version:	11.0.1	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-018710 // NVD: CVE-2021-40054

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-40054
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-40054
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202203-981
value:	HIGH
Trust: 0.6
VULHUB:	VHN-401455
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-40054
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-401455
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:C/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	COMPLETE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-40054
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-40054
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-401455 // JVNDB: JVNDB-2021-018710 // CNNVD: CNNVD-202203-981 // NVD: CVE-2021-40054

PROBLEMTYPE DATA

problemtype:	CWE-191	Trust: 1.1
problemtype:	Integer underflow (CWE-191) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-401455 // JVNDB: JVNDB-2021-018710 // NVD: CVE-2021-40054

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202203-981

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-202203-981

PATCH

title:

HUAWEI EMUI Fixes for digital error vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186010

Trust: 0.6

sources: CNNVD: CNNVD-202203-981

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40054	Trust: 3.3
db:	JVNDB	id:	JVNDB-2021-018710	Trust: 0.8
db:	CNNVD	id:	CNNVD-202203-981	Trust: 0.6
db:	VULHUB	id:	VHN-401455	Trust: 0.1

sources: VULHUB: VHN-401455 // JVNDB: JVNDB-2021-018710 // CNNVD: CNNVD-202203-981 // NVD: CVE-2021-40054

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/3/	Trust: 2.5
url:	https://nvd.nist.gov/vuln/detail/cve-2021-40054	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-40054/	Trust: 0.6

sources: VULHUB: VHN-401455 // JVNDB: JVNDB-2021-018710 // CNNVD: CNNVD-202203-981 // NVD: CVE-2021-40054

SOURCES

db:	VULHUB	id:	VHN-401455
db:	JVNDB	id:	JVNDB-2021-018710
db:	CNNVD	id:	CNNVD-202203-981
db:	NVD	id:	CVE-2021-40054

LAST UPDATE DATE

2024-08-14T14:49:54.256000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-401455	date:	2022-03-14T00:00:00
db:	JVNDB	id:	JVNDB-2021-018710	date:	2023-07-05T08:11:00
db:	CNNVD	id:	CNNVD-202203-981	date:	2022-03-16T00:00:00
db:	NVD	id:	CVE-2021-40054	date:	2022-03-14T15:51:06.307

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-401455	date:	2022-03-10T00:00:00
db:	JVNDB	id:	JVNDB-2021-018710	date:	2023-07-05T00:00:00
db:	CNNVD	id:	CNNVD-202203-981	date:	2022-03-10T00:00:00
db:	NVD	id:	CVE-2021-40054	date:	2022-03-10T17:43:20.147