CVE-2021-22373 – This vulnerability in Huawei smartphones involv... (How to Fix)

Q: What is the severity of CVE-2021-22373?

CVE-2021-22373 has a CVSS score of 9.1 (CRITICAL). This vulnerability in Huawei smartphones involves design process defects that could allow attackers to compromise service integrity and availability. It affects Huawei smartphone users who haven't applied security updates. Successful exploitation could disrupt device functionality and potentially allow unauthorized access to services.

📋 TL;DR

This vulnerability in Huawei smartphones involves design process defects that could allow attackers to compromise service integrity and availability. It affects Huawei smartphone users who haven't applied security updates. Successful exploitation could disrupt device functionality and potentially allow unauthorized access to services.

💻 Affected Systems

Products:

Huawei smartphones

Versions: Specific affected versions not detailed in provided references, but bulletin indicates May 2021 security updates address the issue

Operating Systems: HarmonyOS, Android-based EMUI

Default Config Vulnerable: ⚠️ Yes

Notes: Vulnerability affects service integrity and availability in Huawei smartphones; exact models and configurations not specified in provided references

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to disrupt critical smartphone services, potentially enabling remote code execution or denial of service affecting core device functionality.

🟠

Likely Case

Service disruption affecting specific smartphone features or applications, potentially leading to data corruption or temporary unavailability of device services.

🟢

If Mitigated

Limited impact with proper security controls, potentially affecting only non-critical services with minimal data exposure.

🌐 Internet-Facing: MEDIUM

🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

No public exploit details available; vulnerability requires design process defects exploitation which typically requires specific conditions

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: May 2021 security update

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2021/5/

Restart Required: Yes

Instructions:

1. Check for updates in Settings > System & updates > Software update. 2. Download and install May 2021 security update. 3. Restart device after installation completes.

🔧 Temporary Workarounds

Disable unnecessary services

all

Reduce attack surface by disabling non-essential smartphone services and features

Network segmentation

all

Isolate affected devices from critical network segments

🧯 If You Can't Patch

Isolate affected devices from corporate networks and internet access
Implement strict application whitelisting and monitor for unusual service behavior

🔍 How to Verify

Check if Vulnerable:

Check device security patch level in Settings > About phone > Build number; if before May 2021, device is likely vulnerable

Check Version:

Settings > About phone > Build number (no CLI command available for consumer devices)

Verify Fix Applied:

Verify security patch level shows May 2021 or later in Settings > About phone

📡 Detection & Monitoring

Log Indicators:

Unexpected service crashes
Unusual system process behavior
Failed service initialization attempts

Network Indicators:

Unusual outbound connections from smartphone services
Service disruption patterns

SIEM Query:

Device logs showing repeated service failures or unexpected process terminations on Huawei devices

📊 Metadata

CVE ID: CVE-2021-22373

CVSS v3 Score: 9.1 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Published: June 30, 2021

Last Updated: November 21, 2024

🔗 References

https://consumer.huawei.com/en/support/bulletin/2021/5/ Vendor Advisory
https://consumer.huawei.com/en/support/bulletin/2021/5/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON