CVE-2021-22398 - Vulnerability Details

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).

No CVSS v4.0

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	Hulk-al00c Hulk-al00c Firmware Jennifer-an00c Jennifer-an00c Firmware Jenny-al10b Jenny-al10b Firmware Oxfordpl-an10b Oxfordpl-an10b Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:hulk-al00c_firmware:9.1.1.201\(c00e201r8p1\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:hulk-al00c:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:jennifer-an00c_firmware:10.1.1.171\(c00e170r6p3\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:jennifer-an00c:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:huawei:jenny-al10b_firmware:10.1.0.228\(c00e220r5p1\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:jenny-al10b:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:huawei:oxfordpl-an10b_firmware:10.1.0.116\(c00e110r2p1\):*:*:*:*:*:*:*

cpe:2.3:h:huawei:oxfordpl-an10b:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2021-08-02T16:13:25

Updated: 2024-08-03T18:44:13.670Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22398

Vulnrichment

No data.

NVD

Status : Modified

Published: 2021-08-02T17:15:14.173

Modified: 2024-11-21T05:50:02.930

Link: CVE-2021-22398

Redhat

No data.

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Attack Vector Physical

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object