CVE-2023-52954

Medium

Published: 08 January 2025

Published

08 January 2025

Modified

13 January 2025

KEV Added

—

Patch

—

CVSS Score 4.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L

EPSS Score 0.0005 14.9th percentile

Risk Priority 9 60% EPSS · 20% KEV · 20% CVSS

Description

Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability.

Security Summary

CVE-2023-52954 is a vulnerability involving improper permission control in the Gallery module. It affects Huawei consumer products and was published on 2025-01-08 with a CVSS v3.1 base score of 4.4 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L). The issue is linked to CWEs-701 (Incorrect Control Flow Scoping) and CWE-276 (Incorrect Default Permissions).

A local attacker can exploit this vulnerability with low attack complexity, requiring user interaction but no special privileges. Successful exploitation may result in low-impact effects on confidentiality and availability, with no impact on integrity.

Huawei's security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on the vulnerability, including mitigation recommendations for affected devices.

Details

CWE(s): CWE-701CWE-276

Affected Products

huawei

emui

12.0.0, 13.0.0

huawei

harmonyos

2.0.0, 2.1.0, 3.0.0, 3.1.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com