CVE-2021-22372

7.5 HIGH

📋 TL;DR

This vulnerability in Huawei smartphones allows attackers to compromise security features, potentially exposing confidential service information. It affects users of specific Huawei smartphone models running vulnerable software versions. The vulnerability impacts service confidentiality when successfully exploited.

💻 Affected Systems

Products:

• Huawei smartphones

Versions: Specific versions not detailed in available references; affected versions listed in Huawei's May 2021 security bulletins

Operating Systems: Huawei EMUI/HarmonyOS

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects security features implementation in Huawei smartphones; exact models and versions require checking Huawei's security bulletins

📦 What is this software?

Emui by Huawei

View all CVEs affecting Emui →

Magic Ui by Huawei

View all CVEs affecting Magic Ui →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of service confidentiality, allowing unauthorized access to sensitive service data and user information stored on the device.

🟠

Likely Case

Limited information disclosure of service-related data, potentially exposing authentication tokens, configuration details, or service metadata.

🟢

If Mitigated

Minimal impact with proper security controls, potentially limited to non-critical service information exposure.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires specific conditions and knowledge of the security feature vulnerability; no public exploit code available

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Versions specified in Huawei's May 2021 security updates

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/5/

Restart Required: Yes

Instructions:

1. Check for available updates in Settings > System & updates > Software update. 2. Download and install the latest security update. 3. Restart the device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary services

all

Reduce attack surface by disabling non-essential services and features

Network segmentation

all

Isolate affected devices from critical networks

🧯 If You Can't Patch

• Isolate affected devices from networks containing sensitive data
• Implement strict access controls and monitor for unusual service access patterns

🔍 How to Verify

Check if Vulnerable:

Copy

Check device version in Settings > About phone > Build number and compare against Huawei's May 2021 security bulletin

Check Version:

Copy

Settings > About phone > Build number (no command line available for consumer devices)

Verify Fix Applied:

Copy

Verify the installed security patch level in Settings > About phone > Build number matches or exceeds the patched version

📡 Detection & Monitoring

Log Indicators:

• Unusual service access patterns
• Security feature failures or errors
• Unexpected privilege escalation attempts

Network Indicators:

• Anomalous service communication from affected devices
• Unexpected data exfiltration patterns

SIEM Query:

Copy

device.vendor:Huawei AND event.category:security AND (event.action:feature_failure OR event.action:service_compromise)

📊 Metadata

CVE ID: CVE-2021-22372

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Published: June 30, 2021

Last Updated: November 21, 2024

🔗 References

• https://consumer.huawei.com/en/support/bulletin/2021/5/ Vendor Advisory
• https://consumer.huawei.com/en/support/bulletin/2021/5/ Vendor Advisory

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON