CVE-2021-22317 – An information disclosure vulnerability in cert... (How to Fix)

Q: What is the severity of CVE-2021-22317?

CVE-2021-22317 has a CVSS score of 7.5 (HIGH). An information disclosure vulnerability in certain Huawei smartphones allows unauthorized access to sensitive data. This affects users of specific Huawei smartphone models running vulnerable software versions. The vulnerability could expose personal or device data to attackers.

📋 TL;DR

An information disclosure vulnerability in certain Huawei smartphones allows unauthorized access to sensitive data. This affects users of specific Huawei smartphone models running vulnerable software versions. The vulnerability could expose personal or device data to attackers.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific versions not detailed in provided references; requires checking Huawei bulletins for exact affected versions

Operating Systems: Android-based Huawei EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Exact models and versions need verification from Huawei security bulletins. Likely affects multiple recent smartphone models.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of personal data including contacts, messages, photos, and authentication credentials stored on the device.

🟠

Likely Case

Exposure of some device configuration data or limited personal information accessible through the vulnerability vector.

🟢

If Mitigated

No data exposure if device is patched or workarounds are implemented.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Limited public information available. Exploitation likely requires some level of access or interaction with the device.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security updates for specific patched versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/2/

Restart Required: Yes

Instructions:

1. Check for security updates in device Settings > System & updates > Software update. 2. Install any available security patches. 3. Restart device after update completes.

🔧 Temporary Workarounds

Limit app permissions

all

Restrict unnecessary app permissions that might exploit this vulnerability

Disable unnecessary services

all

Turn off Bluetooth, NFC, and other connectivity services when not in use

🧯 If You Can't Patch

Isolate device from untrusted networks and Bluetooth connections
Implement mobile device management (MDM) with strict security policies

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number and compare with Huawei security bulletins

Check Version:

Settings > About phone > EMUI version / Android version

Verify Fix Applied:

Verify security patch date is after February 2021 and matches patched versions in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

Unusual data access patterns
Unexpected permission requests from apps

Network Indicators:

Suspicious data exfiltration from device

SIEM Query:

Device logs showing unauthorized access attempts to protected data areas

📊 Metadata

CVE ID: CVE-2021-22317

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Published: June 3, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/2/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/2/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON