Lucene search

HuaweiCVE-2021-22421

HistoryAug 03, 2021 - 6:15 p.m.

CVE-2021-22421

2021-08-0318:15:08

CWE-269

huawei

web.nvd.nist.gov

cve-2021-22421

harmonyos

improper privilege management

local attackers

elevation of privileges

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

A component of the HarmonyOS has a Improper Privilege Management vulnerability. Local attackers may exploit this vulnerability to cause further Elevation of Privileges.

Affected configurations

Nvd

Vulners

Node

huaweiharmonyosMatch2.0

VendorProductVersionCPE
huaweiharmonyos2.0cpe:2.3:o:huawei:harmonyos:2.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	harmonyos	2.0	cpe:2.3:o:huawei:harmonyos:2.0:::::::*

CNA Affected

[
  {
    "product": "HarmonyOS",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "2.0"
      }
    ]
  }
]

References

device.harmonyos.com/cn/docs/security/update/oem_security_update_phone_202106-0000001165452077

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

5.1%

JSON

Related for CVE-2021-22421