Lucene search

Huawei TechnologiesHUAWEI-SA-20210714-01-SMARTPHONE

HistoryJul 14, 2021 - 12:00 a.m.

Security Advisory - Logic Error Vulnerability in Several Smartphones

2021-07-1400:00:00

Huawei Technologies

www.huawei.com

smartphones

logic error

vulnerability

digital balance

huawei

software updates

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

23.3%

JSON

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. (Vulnerability ID: HWPSIRT-2020-96652)

This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2021-22398.

Huawei has released software updates to fix this vulnerability. This advisory is available at the following link:

<http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en>

Affected configurations

Vulners

Node

huaweihulk-al00c_firmwareMatch9.1.1.201

huaweijennifer-an00c_firmwareMatch10.1.1.171

huaweijenny-al10b_firmwareMatch10.1.0.228

huaweioxfordpl-an10b_firmwareMatch10.1.0.116

VendorProductVersionCPE
huaweihulk-al00c_firmware9.1.1.201cpe:2.3:o:huawei:hulk-al00c_firmware:9.1.1.201:*:*:*:*:*:*:*
huaweijennifer-an00c_firmware10.1.1.171cpe:2.3:o:huawei:jennifer-an00c_firmware:10.1.1.171:*:*:*:*:*:*:*
huaweijenny-al10b_firmware10.1.0.228cpe:2.3:o:huawei:jenny-al10b_firmware:10.1.0.228:*:*:*:*:*:*:*
huaweioxfordpl-an10b_firmware10.1.0.116cpe:2.3:o:huawei:oxfordpl-an10b_firmware:10.1.0.116:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
huawei	hulk-al00c_firmware	9.1.1.201	cpe:2.3:o:huawei:hulk-al00c_firmware:9.1.1.201:::::::*
huawei	jennifer-an00c_firmware	10.1.1.171	cpe:2.3:o:huawei:jennifer-an00c_firmware:10.1.1.171:::::::*
huawei	jenny-al10b_firmware	10.1.0.228	cpe:2.3:o:huawei:jenny-al10b_firmware:10.1.0.228:::::::*
huawei	oxfordpl-an10b_firmware	10.1.0.116	cpe:2.3:o:huawei:oxfordpl-an10b_firmware:10.1.0.116:::::::*

CVSS2

2.1

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS3

4.6

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.001

Percentile

23.3%

JSON

Related for HUAWEI-SA-20210714-01-SMARTPHONE