Lucene search

K
cve[email protected]CVE-2021-22352
HistoryJun 30, 2021 - 9:15 p.m.

CVE-2021-22352

2021-06-3021:15:09
web.nvd.nist.gov
35
4
cve-2021-22352
configuration defect
vulnerability
huawei smartphone
hijacking
ui manipulation
malicious commands

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

27.2%

There is a Configuration Defect Vulnerability in Huawei Smartphone. Successful exploitation of this vulnerability may allow attackers to hijack the device and forge UIs to induce users to execute malicious commands.

Affected configurations

NVD
Node
huaweiemuiMatch10.1.1
OR
huaweiemuiMatch11.0.0
OR
huaweiemuiMatch11.0.1
OR
huaweimagic_uiMatch3.1.1
OR
huaweimagic_uiMatch4.0.0

CNA Affected

[
  {
    "product": "EMUI;Magic UI",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "EMUI 11.0.1,EMUI 11.0.0,EMUI 10.1.1"
      },
      {
        "status": "affected",
        "version": "Magic UI 4.0.0,Magic UI 3.1.1"
      }
    ]
  }
]

Social References

More

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

27.2%

Related for CVE-2021-22352