Details of VAR-202206-0865

ID

VAR-202206-0865

CVE

CVE-2021-46813

TITLE

Huawei of EMUI and Magic UI Vulnerability related to deletion of sensitive information before storage or transfer in

Trust: 0.8

sources: JVNDB: JVNDB-2022-012100

DESCRIPTION

Vulnerability of residual files not being deleted after an update in the ChinaDRM module. Successful exploitation of this vulnerability may affect availability. Huawei of EMUI and Magic UI contains a vulnerability related to the deletion of sensitive information prior to storage or transmission.Service operation interruption (DoS) It may be in a state. HUAWEI EMUI is a mobile operating system developed by China Huawei (HUAWEI) based on Android. There is a security vulnerability in HUAWEI EMUI. The following products and versions are affected: EMUI 11.0.0, Magic UI 4.0.0

Trust: 1.8

sources: NVD: CVE-2021-46813 // JVNDB: JVNDB-2022-012100 // VULHUB: VHN-423546 // VULMON: CVE-2021-46813

AFFECTED PRODUCTS

vendor:	huawei	model:	emui	scope:	eq	version:	11.0.0	Trust: 1.0
vendor:	huawei	model:	magic ui	scope:	eq	version:	4.0.0	Trust: 1.0
vendor:	huawei	model:	emui	scope:	-	version:	-	Trust: 0.8
vendor:	huawei	model:	magic ui	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2022-012100 // NVD: CVE-2021-46813

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-46813
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-46813
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202206-1179
value:	HIGH
Trust: 0.6
VULHUB:	VHN-423546
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-46813
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-423546
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-46813
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2021-46813
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-423546 // JVNDB: JVNDB-2022-012100 // CNNVD: CNNVD-202206-1179 // NVD: CVE-2021-46813

PROBLEMTYPE DATA

problemtype:	CWE-212	Trust: 1.1
problemtype:	Improper removal of important information prior to storage or transfer (CWE-212) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-423546 // JVNDB: JVNDB-2022-012100 // NVD: CVE-2021-46813

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202206-1179

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202206-1179

PATCH

title:

HUAWEI EMUI Security vulnerabilities

url:

http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=198092

Trust: 0.6

sources: CNNVD: CNNVD-202206-1179

EXTERNAL IDS

db:	NVD	id:	CVE-2021-46813	Trust: 3.4
db:	JVNDB	id:	JVNDB-2022-012100	Trust: 0.8
db:	CNNVD	id:	CNNVD-202206-1179	Trust: 0.7
db:	CNVD	id:	CNVD-2022-51603	Trust: 0.1
db:	VULHUB	id:	VHN-423546	Trust: 0.1
db:	VULMON	id:	CVE-2021-46813	Trust: 0.1

sources: VULHUB: VHN-423546 // VULMON: CVE-2021-46813 // JVNDB: JVNDB-2022-012100 // CNNVD: CNNVD-202206-1179 // NVD: CVE-2021-46813

REFERENCES

url:	https://consumer.huawei.com/en/support/bulletin/2022/6/	Trust: 2.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-46813	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-46813/	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-423546 // VULMON: CVE-2021-46813 // JVNDB: JVNDB-2022-012100 // CNNVD: CNNVD-202206-1179 // NVD: CVE-2021-46813

SOURCES

db:	VULHUB	id:	VHN-423546
db:	VULMON	id:	CVE-2021-46813
db:	JVNDB	id:	JVNDB-2022-012100
db:	CNNVD	id:	CNNVD-202206-1179
db:	NVD	id:	CVE-2021-46813

LAST UPDATE DATE

2024-08-14T14:37:29.107000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-423546	date:	2022-06-27T00:00:00
db:	VULMON	id:	CVE-2021-46813	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-012100	date:	2023-08-25T08:14:00
db:	CNNVD	id:	CNNVD-202206-1179	date:	2022-06-30T00:00:00
db:	NVD	id:	CVE-2021-46813	date:	2022-06-27T16:11:26.213

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-423546	date:	2022-06-13T00:00:00
db:	VULMON	id:	CVE-2021-46813	date:	2022-06-13T00:00:00
db:	JVNDB	id:	JVNDB-2022-012100	date:	2023-08-25T00:00:00
db:	CNNVD	id:	CNNVD-202206-1179	date:	2022-06-13T00:00:00
db:	NVD	id:	CVE-2021-46813	date:	2022-06-13T16:15:08.190