CVE-2021-21732

{"id": "CVE-2021-21732", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-05-19T11:15:07.757", "references": [{"url": "https://support.zte.com.cn/support/news/LoopholeInfoDetail.aspx?newsId=1015064", "tags": ["Vendor Advisory"], "source": "psirt@zte.com.cn"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "A mobile phone of ZTE is impacted by improper access control vulnerability. Due to improper permission settings, third-party applications can read some files in the proc file system without authorization. Attackers could exploit this vulnerability to obtain sensitive information. This affects Axon 11 5G ZTE/CN_P725A12/P725A12:10/QKQ1.200816.002/20201116.175317:user/release-keys."}, {"lang": "es", "value": "Un tel\u00e9fono m\u00f3vil de ZTE est\u00e1 afectado por una vulnerabilidad de control de acceso inapropiado. Debido a una configuraci\u00f3n de permisos inapropiada, unas aplicaciones de terceros pueden leer algunos archivos en el sistema de archivos proc sin autorizaci\u00f3n. Los atacantes podr\u00edan explotar esta vulnerabilidad para conseguir informaci\u00f3n confidencial. Esto afecta a Axon 11 5G ZTE/CN_P725A12/P725A12: 10/QKQ1.200816.002/20201116.175317: usuario/teclas de liberaci\u00f3n"}], "lastModified": "2022-06-28T14:11:45.273", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:zte:axon_11_5g:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0AB053B1-08C9-41C1-BD28-06A43B722C86"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:zte:axon_11_5g_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C956D21-AF7F-447D-B3C2-7C7A367B5BD5", "versionEndExcluding": "2021.5.1"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "psirt@zte.com.cn"}