CVE-2021-40049 — Incorrect Default Permissions in Huawei Emui

CWE-276 — Incorrect Default Permissions4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.1%

top 70.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Emui Huawei Harmonyos Huawei Magic UI

Timeline

PublishedMar 10

Latest updateMar 11

Description

There is a permission control vulnerability in the PMS module. Successful exploitation of this vulnerability can lead to sensitive system information being obtained without authorization.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5huawei/emui4 versions+3

▶NVDhuawei/emui6 versions+5

▶CVEListV5huawei/magic_ui3.1.0, 3.1.1, 4.0.0+2

▶NVDhuawei/magic_ui3.1.0, 3.1.1, 4.0.0+2

▶CVEListV5huawei/harmonyos2.0

🔴Vulnerability Details

GHSA

GHSA-h72g-579j-rqrx: There is a permission control vulnerability in the PMS module↗2022-03-11

▶

OSV

CVE-2021-40049: There is a permission control vulnerability in the PMS module↗2022-03-10

▶

CVEList

CVE-2021-40049: There is a permission control vulnerability in the PMS module↗2022-03-07

▶