CVE-2024-56439

High

Published: 08 January 2025

Published

08 January 2025

Modified

26 September 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score 0.0004 13.7th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Description

Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Security Summary

CVE-2024-56439, published on 2025-01-08, is an access control vulnerability (CWE-311) in the identity authentication module. It carries a CVSS v3.1 base score of 7.5 (AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H) and is associated with NVD-CWE-Other.

The vulnerability can be exploited by a local attacker with high privileges who overcomes high attack complexity, requiring no user interaction. Successful exploitation changes the scope and leads to high impacts on confidentiality, integrity, and availability, potentially affecting service confidentiality.

Mitigation details are provided in the Huawei security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/.

Details

CWE(s): CWE-311NVD-CWE-Other

Affected Products

huawei

harmonyos

5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com