CVE-2023-52955

CVE-2023-52955 is a vulnerability involving improper authentication in the ANS system service module. This flaw affects Huawei consumer products, as indicated by the vendor's security bulletin. Assigned a CVSS v3.1 base score of 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H), it maps to CWE-264 (Permissions, Privileges, and Access Control) and CWE-287 (Improper Authentication). Successful exploitation may cause features to perform abnormally, primarily impacting availability.

A remote attacker with network access can exploit this vulnerability with low complexity and no required privileges, though user interaction is necessary, such as tricking a user into performing a specific action. The attack has an unchanged scope and results in high availability disruption without affecting confidentiality or integrity, effectively enabling a denial-of-service condition that disrupts normal feature operation.

Huawei has published a security bulletin addressing this issue at https://consumer.huawei.com/en/support/bulletin/2025/1/, which provides further details for affected users and practitioners.