CVE-2021-22382 - OpenCVE

Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:L/AC:M/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Huawei	E3372 E3372 Firmware E8372 E8372 Firmware

Configuration 1 [-]

AND

cpe:2.3:o:huawei:e3372_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e3372:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:huawei:e8372_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:huawei:e8372:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en

History

No history.

MITRE

Status: PUBLISHED

Assigner: huawei

Published: 2021-06-22T18:53:41

Updated: 2024-08-03T18:44:12.310Z

Reserved: 2021-01-05T00:00:00

Link: CVE-2021-22382

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-06-22T19:15:08.023

Modified: 2021-06-29T17:56:21.190

Link: CVE-2021-22382

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "E3372", "vendor": "n/a", "versions": [{"status": "affected", "version": "E3372h-153TCPU-V200R002B333D01SP00C00"}]}], "descriptions": [{"lang": "en", "value": "Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00."}], "problemTypes": [{"descriptions": [{"description": "Improper Permission Assignment", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-22T18:53:41", "orgId": "25ac1063-e409-4190-8079-24548c77ea2e", "shortName": "huawei"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@huawei.com", "ID": "CVE-2021-22382", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "E3372", "version": {"version_data": [{"version_value": "E3372h-153TCPU-V200R002B333D01SP00C00"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Permission Assignment"}]}]}, "references": {"reference_data": [{"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en", "refsource": "MISC", "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T18:44:12.310Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en"}]}]}, "cveMetadata": {"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e", "assignerShortName": "huawei", "cveId": "CVE-2021-22382", "datePublished": "2021-06-22T18:53:41", "dateReserved": "2021-01-05T00:00:00", "dateUpdated": "2024-08-03T18:44:12.310Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e3372_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0936F180-DF82-4F7E-8462-D89A666F902C", "versionEndExcluding": "22.333.03.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e3372:-:*:*:*:*:*:*:*", "matchCriteriaId": "BAD2FD77-0CD7-4BD3-AF8C-635B8D8C0A60", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:huawei:e8372_firmware:*:*:*:*:*:*:*:*", "matchCriteriaId": "0CDC49E7-F3AD-461F-BC57-A24BA04554E6", "versionEndExcluding": "21.333.03.00.00", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:huawei:e8372:-:*:*:*:*:*:*:*", "matchCriteriaId": "35F63024-60C0-43A5-9D7F-A9C133000FC1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Huawei LTE USB Dongle products have an improper permission assignment vulnerability. An attacker can locally access and log in to a PC to induce a user to install a specially crafted application. After successfully exploiting this vulnerability, the attacker can perform unauthenticated operations. Affected product versions include:E3372 E3372h-153TCPU-V200R002B333D01SP00C00."}, {"lang": "es", "value": "Los productos LTE USB Dongle de Huawei, presentan una vulnerabilidad de asignaci\u00f3n inapropiada de permisos. Un atacante puede acceder localmente e iniciar sesi\u00f3n en un PC para inducir a un usuario a instalar una aplicaci\u00f3n especialmente dise\u00f1ada. Despu\u00e9s de una explotaci\u00f3n con \u00e9xito de esta vulnerabilidad, el atacante puede llevar a cabo operaciones no autenticadas. Las versiones de producto afectadas incluyen: E3372 E3372h-153TCPU-V200R002B333D01SP00C00"}], "id": "CVE-2021-22382", "lastModified": "2021-06-29T17:56:21.190", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 0.6, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-06-22T19:15:08.023", "references": [{"source": "psirt@huawei.com", "tags": ["Vendor Advisory"], "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210602-01-permission-en"}], "sourceIdentifier": "psirt@huawei.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}