Login Sign Up

CVE-2021-22343

9.1 CRITICAL

📋 TL;DR

A configuration defect vulnerability in Huawei smartphones allows attackers to compromise service integrity and availability. This affects Huawei smartphone users who haven't applied security updates. Successful exploitation could disrupt device functionality or allow unauthorized access to services.

💻 Affected Systems

Products:
  • Huawei smartphones
Versions: Specific versions not detailed in provided references; affected versions would be listed in Huawei's May 2021 security bulletin
Operating Systems: HarmonyOS, EMUI (Android-based)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists due to configuration defect in Huawei smartphone software. Exact affected models and versions would be specified in Huawei's detailed security advisory.

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to data loss, service disruption, or unauthorized access to sensitive smartphone functions.

🟠

Likely Case

Service disruption affecting specific smartphone features or applications, potentially requiring device restart.

🟢

If Mitigated

Minimal impact with proper security updates applied and standard mobile security practices followed.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires specific conditions related to configuration defects. No public exploit code was mentioned in the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security updates from May 2021 Huawei security bulletin

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/5/

Restart Required: Yes

Instructions:

1. Check for security updates in phone Settings > System & updates > Software update. 2. Download and install available May 2021 security updates. 3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary services

all

Reduce attack surface by disabling non-essential smartphone services and features

Network segmentation

all

Restrict smartphone network access to trusted networks only

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement additional monitoring for unusual device behavior or service disruptions

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number. Compare with May 2021 security bulletin.

Check Version:

Settings > About phone > Build number (no CLI command available)

Verify Fix Applied:

Verify security patch level shows May 2021 or later updates installed

📡 Detection & Monitoring

Log Indicators:

  • Unexpected service crashes
  • Configuration changes without user action
  • Unusual permission requests

Network Indicators:

  • Unexpected network connections from smartphone services
  • Anomalous traffic patterns from affected devices

SIEM Query:

device_vendor:Huawei AND event_type:service_crash OR config_change

📊 Metadata

CVE ID: CVE-2021-22343
CVSS v3 Score: 9.1 (CRITICAL)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Published: July 1, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON