Details of VAR-202204-0765

ID

VAR-202204-0765

CVE

CVE-2021-46740

TITLE

Huawei of EMUI and HarmonyOS Authentication vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2022-007972

DESCRIPTION

The device authentication service module has a defect vulnerability introduced in the design process.Successful exploitation of this vulnerability may affect data confidentiality. Huawei of EMUI and HarmonyOS There is an authentication vulnerability in.Information may be obtained. Huawei HarmonyOS is an operating system of the Chinese company Huawei. Provide a microkernel-based full-scenario distributed operating system. An attacker could exploit this vulnerability to bypass web authentication and gain administrative access to the device

Trust: 1.8

sources: NVD: CVE-2021-46740 // JVNDB: JVNDB-2022-007972 // VULHUB: VHN-418649 // VULMON: CVE-2021-46740

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	12.0.0	Trust: 1.0
vendor:	huawei	model:	harmonyos	scope:	eq	version:	2.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	harmonyos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-007972 // NVD: CVE-2021-46740

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-46740
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-46740
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202204-2012
value:	HIGH
Trust: 0.6
VULHUB:	VHN-418649
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-46740
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-46740
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-418649
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-46740
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-46740
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-418649 // VULMON: CVE-2021-46740 // JVNDB: JVNDB-2022-007972 // CNNVD: CNNVD-202204-2012 // NVD: CVE-2021-46740

PROBLEMTYPE DATA

problemtype:	CWE-287	Trust: 1.1
problemtype:	Inappropriate authentication (CWE-287) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-418649 // JVNDB: JVNDB-2022-007972 // NVD: CVE-2021-46740

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202204-2012

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202204-2012

PATCH

title:

Huawei HarmonyOS Remediation measures for authorization problem vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=189571

Trust: 0.6

sources: CNNVD: CNNVD-202204-2012

EXTERNAL IDS

db:	NVD	id:	CVE-2021-46740	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-007972	Trust: 0.8
db:	CNNVD	id:	CNNVD-202204-2012	Trust: 0.6
db:	CNVD	id:	CNVD-2022-44619	Trust: 0.1
db:	VULHUB	id:	VHN-418649	Trust: 0.1
db:	VULMON	id:	CVE-2021-46740	Trust: 0.1

sources: VULHUB: VHN-418649 // VULMON: CVE-2021-46740 // JVNDB: JVNDB-2022-007972 // CNNVD: CNNVD-202204-2012 // NVD: CVE-2021-46740

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/4/	Trust: 2.6
url:	https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202204-0000001224076294	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46740	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-46740/	Trust: 0.6
url:	https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202204-0000001266901897	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/287.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-418649 // VULMON: CVE-2021-46740 // JVNDB: JVNDB-2022-007972 // CNNVD: CNNVD-202204-2012 // NVD: CVE-2021-46740

SOURCES

db:	VULHUB	id:	VHN-418649
db:	VULMON	id:	CVE-2021-46740
db:	JVNDB	id:	JVNDB-2022-007972
db:	CNNVD	id:	CNNVD-202204-2012
db:	NVD	id:	CVE-2021-46740

LAST UPDATE DATE

2024-08-14T14:18:01.476000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-418649	date:	2022-04-15T00:00:00
db:	VULMON	id:	CVE-2021-46740	date:	2022-04-15T00:00:00
db:	JVNDB	id:	JVNDB-2022-007972	date:	2023-07-21T08:19:00
db:	CNNVD	id:	CNNVD-202204-2012	date:	2022-04-18T00:00:00
db:	NVD	id:	CVE-2021-46740	date:	2022-04-15T20:06:33.793

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-418649	date:	2022-04-11T00:00:00
db:	VULMON	id:	CVE-2021-46740	date:	2022-04-11T00:00:00
db:	JVNDB	id:	JVNDB-2022-007972	date:	2023-07-21T00:00:00
db:	CNNVD	id:	CNNVD-202204-2012	date:	2022-04-05T00:00:00
db:	NVD	id:	CVE-2021-46740	date:	2022-04-11T20:15:16.350