nvd-json-data-feeds/CVE-2021/CVE-2021-224xx/CVE-2021-22449.json

{
  "id": "CVE-2021-22449",
  "sourceIdentifier": "psirt@huawei.com",
  "published": "2021-08-23T20:15:14.243",
  "lastModified": "2022-07-12T17:42:04.277",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "There is a logic vulnerability in Elf-G10HN 1.0.0.608. An unauthenticated attacker could perform specific operations to exploit this vulnerability. Due to insufficient security design, successful exploit could allow an attacker to add users to be friends without prompting in the target device."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad l\u00f3gica en Elf-G10HN versi\u00f3n 1.0.0.608. Un atacante no autenticado podr\u00eda llevar a cabo operaciones espec\u00edficas para explotar esta vulnerabilidad. Debido a un dise\u00f1o de seguridad insuficiente, una explotaci\u00f3n con \u00e9xito podr\u00eda permitir a un atacante a\u00f1adir usuarios para ser amigos sin preguntar en el dispositivo de destino."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:huawei:elf-g10hn:1.0.0.608:*:*:*:*:*:*:*",
              "matchCriteriaId": "93017CA5-C0DF-41D1-BD91-F3E803E99BFE"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210630-01-logic-en",
      "source": "psirt@huawei.com",
      "tags": [
        "Vendor Advisory"
      ]
    }
  ]
}