Vulnerability CVE-2021-0672 - CERT Civis.Net

Vulnerability Name:

CVE-2021-0672 (CCN-213756)

Assigned:

2020-11-06

Published:

2021-11-11

Updated:

2022-06-28

Summary:

In Browser app, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-199678035

CVSS v3 Severity:

5.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
4.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): Low User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
5.4 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): None Availibility (A): None

CVSS v2 Severity:

2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): None Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2021-0672

Source: CCN
Type: MediaTek Web site
November 2021 Product Security Bulletin

Source: XF
Type: UNKNOWN
mediatek-cve20210672-info-disc(213756)

Source: MISC
Type: Vendor Advisory
https://source.android.com/security/bulletin/2021-11-01

Vulnerable Configuration:

Configuration 1:

cpe:/o:google:android:8.1:*:*:*:*:*:*:*

OR cpe:/o:google:android:9.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:10.0:*:*:*:*:*:*:*

OR cpe:/o:google:android:11.0:*:*:*:*:*:*:*

AND

cpe:/h:mediatek:mt6757:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6755:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6785:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6779:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6768:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6769:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6761:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6765:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6762:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6731:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6732:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6735:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6737:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6739:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6750:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6750s:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6752:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6753:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6755s:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6757c:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6757cd:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6757ch:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6758:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6763:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6771:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6795:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6797:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6781:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6799:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6833:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6853:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6853t:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6873:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6875:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6877:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6883:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6885:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6889:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6891:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt6893:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8163:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8167:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8167s:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8168:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8173:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8175:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8183:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8185:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8195:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8321:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8362a:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8365:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8385:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8735a:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8735b:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8765:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8766:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8768:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8786:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8788:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8789:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8791:-:*:*:*:*:*:*:*

OR cpe:/h:mediatek:mt8797:-:*:*:*:*:*:*:*

Denotes that component is vulnerable