4.6
CVE-2021-22398
- EPSS 0.02%
- Veröffentlicht 02.08.2021 17:15:14
- Zuletzt bearbeitet 21.11.2024 05:50:02
- Quelle psirt@huawei.com
- Teams Watchlist Login
- Unerledigt Login
There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Huawei ≫ Hulk-al00c Firmware Version9.1.1.201(c00e201r8p1)
Huawei ≫ Jennifer-an00c Firmware Version10.1.1.171(c00e170r6p3)
Huawei ≫ Jenny-al10b Firmware Version10.1.0.228(c00e220r5p1)
Huawei ≫ Oxfordpl-an10b Firmware Version10.1.0.116(c00e110r2p1)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.038 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.6 | 0.9 | 3.6 |
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:P/A:N
|
CWE-863 Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.