CVE-2021-22398

EUVD-2021-9544

02.08.2021, 17:15

There is a logic error vulnerability in several smartphones. The software does not properly restrict certain operation when the Digital Balance function is on. Successful exploit could allow the attacker to bypass the Digital Balance limit after a series of operations. Affected product versions include: Hulk-AL00C 9.1.1.201(C00E201R8P1);Jennifer-AN00C 10.1.1.171(C00E170R6P3);Jenny-AL10B 10.1.0.228(C00E220R5P1) and OxfordPL-AN10B 10.1.0.116(C00E110R2P1).

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.6 MEDIUM	PHYSICAL	LOW	NONE	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 6%

Affected Products (NVD)

Vendor	Product	Version
huawei	hulk-al00c_firmware	9.1.1.201\(c00e201r8p1\)
huawei	jennifer-an00c_firmware	10.1.1.171\(c00e170r6p3\)
huawei	jenny-al10b_firmware	10.1.0.228\(c00e220r5p1\)
huawei	oxfordpl-an10b_firmware	10.1.0.116\(c00e110r2p1\)

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-863 - Incorrect Authorization
The software performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210714-01-smartphone-en