FKIE_CVE-2021-22399

Vulnerability from fkie_nvd - Published: 2021-07-13 12:15 - Updated: 2024-11-21 05:50
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11).
References
psirt@huawei.comhttps://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-enVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-enVendor Advisory
Impacted products
Vendor Product Version
huawei p30_firmware 10.0.0.195\(c432e22r2p5\)
huawei p30_firmware 10.0.0.200\(c00e85r2p11\)
huawei p30_firmware 10.0.0.200\(c461e6r3p1\)
huawei p30_firmware 10.0.0.201\(c10e7r5p1\)
huawei p30_firmware 10.0.0.201\(c185e4r7p1\)
huawei p30_firmware 10.0.0.206\(c605e19r1p3\)
huawei p30_firmware 10.0.0.209\(c636e6r3p4\)
huawei p30_firmware 10.0.0.210\(c635e3r2p4\)
huawei p30 -
huawei p30_firmware *
huawei p30 -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.195\\(c432e22r2p5\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "91183616-37B2-4A12-8618-CC67E5599A0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.200\\(c00e85r2p11\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CC6D39-258F-467B-8F30-8156AAE82E89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.200\\(c461e6r3p1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "462708E7-4D60-4786-B2B0-966FC2234BF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.201\\(c10e7r5p1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "730A2C08-9C3E-4794-9876-206164AADAD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.201\\(c185e4r7p1\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DA40C584-80A1-49A5-A346-7F316A4640FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.206\\(c605e19r1p3\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "6474BF29-4980-45AC-A5BE-463E37EDC828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.209\\(c636e6r3p4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "731B92DD-7072-421E-B4FE-088E5FCE0805",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:10.0.0.210\\(c635e3r2p4\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7D840C42-60E5-4E0D-892F-8D90ED74FD55",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:huawei:p30_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A7CBB9B-878D-48E6-9AB2-F69FE744065D",
              "versionEndExcluding": "10.1.0.165\\(c01e165r2p11\\)",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:huawei:p30:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "21EE286C-8111-4F59-8CF1-13C68EA76B21",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Bluetooth function of some Huawei smartphones has a DoS vulnerability. Attackers can install third-party apps to send specific broadcasts, causing the Bluetooth module to crash. This vulnerability is successfully exploited to cause the Bluetooth function to become abnormal. Affected product versions include: HUAWEI P30 10.0.0.195(C432E22R2P5), 10.0.0.200(C00E85R2P11), 10.0.0.200(C461E6R3P1), 10.0.0.201(C10E7R5P1), 10.0.0.201(C185E4R7P1), 10.0.0.206(C605E19R1P3), 10.0.0.209(C636E6R3P4), 10.0.0.210(C635E3R2P4), and versions earlier than 10.1.0.165(C01E165R2P11)."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n Bluetooth de algunos smartphones de Huawei presenta una vulnerabilidad DoS. Los atacantes pueden instalar aplicaciones de terceros para enviar transmisiones espec\u00edficas, causando un bloqueo al m\u00f3dulo Bluetooth. Esta vulnerabilidad es explotada con \u00e9xito para causar que la funci\u00f3n Bluetooth se vuelva anormal. Las versiones de producto afectadas incluyen: HUAWEI P30 versi\u00f3n 10.0.0.195(C432E22R2P5), versi\u00f3n 10.0.0.200(C00E85R2P11), versi\u00f3n 10.0.0.200(C461E6R3P1), versi\u00f3n 10.0.0.201(C10E7R5P1), versi\u00f3n 10.0.0.201(C185E4R7P1), versi\u00f3n 10. Versi\u00f3n 0.0.206(C605E19R1P3), versi\u00f3n 10.0.0.209(C636E6R3P4), versi\u00f3n 10.0.0.210(C635E3R2P4), y versiones anteriores a  10.1.0.165(C01E165R2P11)"
    }
  ],
  "id": "CVE-2021-22399",
  "lastModified": "2024-11-21T05:50:03.067",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-13T12:15:09.820",
  "references": [
    {
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210707-03-dos-en"
    }
  ],
  "sourceIdentifier": "psirt@huawei.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.