Details of VAR-202108-0278

ID

VAR-202108-0278

CVE

CVE-2021-22398

TITLE

Logic error vulnerabilities in multiple Huawei smartphones

Trust: 0.6

sources: CNVD: CNVD-2021-93834

DESCRIPTION

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1). The Huawei mobile phone is a smart phone of Huawei from China's Huawei (Huawei) company. A logic error vulnerability in many Huawei smartphones is caused by the system not reasonably restricting certain operations when the function of healthy use of the phone is turned on. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements

Trust: 2.07

sources: NVD: CVE-2021-22398 // CNVD: CNVD-2021-93834 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-22398

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2021-93834

AFFECTED PRODUCTS

vendor:	huawei	model:	jenny-al10b	scope:	eq	version:	10.1.0.228\(c00e220r5p1\)	Trust: 1.0
vendor:	huawei	model:	oxfordpl-an10b	scope:	eq	version:	10.1.0.116\(c00e110r2p1\)	Trust: 1.0
vendor:	huawei	model:	jennifer-an00c	scope:	eq	version:	10.1.1.171\(c00e170r6p3\)	Trust: 1.0
vendor:	huawei	model:	hulk-al00c	scope:	eq	version:	9.1.1.201\(c00e201r8p1\)	Trust: 1.0
vendor:	huawei	model:	hulk-al00c 9.1.1.201	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	jennifer-an00c 10.1.1.171	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	jenny-al10b 10.1.0.228	scope:	-	version:	-	Trust: 0.6
vendor:	huawei	model:	oxfordpl-an10b 10.1.0.116	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2021-93834 // NVD: CVE-2021-22398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-22398
value:	MEDIUM
Trust: 1.0
CNVD:	CNVD-2021-93834
value:	LOW
Trust: 0.6
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-1042
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2021-22398
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2021-22398
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
CNVD:	CNVD-2021-93834
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2021-22398
baseSeverity:	MEDIUM
baseScore:	4.6
vectorString:	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
attackVector:	PHYSICAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	HIGH
availabilityImpact:	NONE
exploitabilityScore:	0.9
impactScore:	3.6
version:	3.1
Trust: 1.0

sources: CNVD: CNVD-2021-93834 // VULMON: CVE-2021-22398 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1042 // NVD: CVE-2021-22398

PROBLEMTYPE DATA

problemtype:

CWE-863

Trust: 1.0

sources: NVD: CVE-2021-22398

TYPE

other

Trust: 1.2

sources: CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1042

PATCH

title:

Patch for Logic error vulnerabilities in multiple Huawei smartphones

url:

https://www.cnvd.org.cn/patchInfo/show/301896

Trust: 0.6

sources: CNVD: CNVD-2021-93834

EXTERNAL IDS

db:	NVD	id:	CVE-2021-22398	Trust: 2.3
db:	CNVD	id:	CNVD-2021-93834	Trust: 0.6
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021071506	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-1042	Trust: 0.6
db:	VULMON	id:	CVE-2021-22398	Trust: 0.1

sources: CNVD: CNVD-2021-93834 // VULMON: CVE-2021-22398 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1042 // NVD: CVE-2021-22398

REFERENCES

url:	https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-22398	Trust: 1.2
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021071506	Trust: 0.6
url:	https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20210714-01-smartphone-cn	Trust: 0.6
url:	https://cwe.mitre.org/data/definitions/863.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2021-93834 // VULMON: CVE-2021-22398 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1042 // NVD: CVE-2021-22398

CREDITS

The vulnerability was discovered by Huawei's internal testing

Trust: 0.6

sources: CNNVD: CNNVD-202107-1042

SOURCES

db:	CNVD	id:	CNVD-2021-93834
db:	VULMON	id:	CVE-2021-22398
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-1042
db:	NVD	id:	CVE-2021-22398

LAST UPDATE DATE

2024-08-14T12:20:17.041000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2021-93834	date:	2021-12-03T00:00:00
db:	VULMON	id:	CVE-2021-22398	date:	2021-08-11T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-1042	date:	2021-08-25T00:00:00
db:	NVD	id:	CVE-2021-22398	date:	2021-08-11T15:21:19.677

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2021-93834	date:	2021-11-03T00:00:00
db:	VULMON	id:	CVE-2021-22398	date:	2021-08-02T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-1042	date:	2021-07-14T00:00:00
db:	NVD	id:	CVE-2021-22398	date:	2021-08-02T17:15:14.173