Lucene search

[email protected]CVE-2021-37056

HistoryDec 07, 2021 - 4:15 p.m.

CVE-2021-37056

2021-12-0716:15:07

CWE-281

[email protected]

web.nvd.nist.gov

cve-2021-37056

improper permission control

huawei smartphone

vulnerability

device information

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

There is an Improper permission control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may allow attempts to obtain certain device information.

Affected configurations

NVD

Node

huaweiemuiMatch9.1.0

huaweiemuiMatch9.1.1

huaweiemuiMatch10.0.0

huaweiemuiMatch10.1.0

huaweimagic_uiMatch2.1.1

huaweimagic_uiMatch3.0.0

huaweimagic_uiMatch3.1.0

VendorProductVersionCPE
huaweiemui9.1.0cpe:/o:huawei:emui:9.1.0:::
huaweimagic_ui3.1.0cpe:/o:huawei:magic_ui:3.1.0:::
huaweiemui10.0.0cpe:/o:huawei:emui:10.0.0:::
huaweiemui10.1.0cpe:/o:huawei:emui:10.1.0:::
huaweiemui9.1.1cpe:/o:huawei:emui:9.1.1:::
huaweimagic_ui3.0.0cpe:/o:huawei:magic_ui:3.0.0:::
huaweimagic_ui2.1.1cpe:/o:huawei:magic_ui:2.1.1:::

Vendor	Product	Version	CPE
huawei	emui	9.1.0	cpe:/o:huawei:emui:9.1.0:::
huawei	magic_ui	3.1.0	cpe:/o:huawei:magic_ui:3.1.0:::
huawei	emui	10.0.0	cpe:/o:huawei:emui:10.0.0:::
huawei	emui	10.1.0	cpe:/o:huawei:emui:10.1.0:::
huawei	emui	9.1.1	cpe:/o:huawei:emui:9.1.1:::
huawei	magic_ui	3.0.0	cpe:/o:huawei:magic_ui:3.0.0:::
huawei	magic_ui	2.1.1	cpe:/o:huawei:magic_ui:2.1.1:::

CNA Affected

[
  {
    "product": "EMUI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "10.1.0"
      },
      {
        "status": "affected",
        "version": "10.0.0"
      },
      {
        "status": "affected",
        "version": "9.1.1"
      },
      {
        "status": "affected",
        "version": "9.1.0"
      }
    ]
  },
  {
    "product": "Magic UI",
    "vendor": "Huawei",
    "versions": [
      {
        "status": "affected",
        "version": "3.1.0"
      },
      {
        "status": "affected",
        "version": "3.0.0"
      },
      {
        "status": "affected",
        "version": "2.1.1"
      }
    ]
  }
]

References

consumer.huawei.com/en/support/bulletin/2021/9/

consumer.huawei.com/om/support/bulletin/2021/10/

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

5.1

Confidence

High

EPSS

0.001

Percentile

26.7%

JSON

Related for CVE-2021-37056

prion1 nvd1 cnvd1 cvelist1