CVE-2024-56443

Medium

Published: 08 January 2025

Published

08 January 2025

Modified

13 January 2025

KEV Added

—

Patch

—

CVSS Score 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0009 24.6th percentile

Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Description

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Security Summary

CVE-2024-56443 is a cross-process screen stack vulnerability in the UIExtension module. Published on January 8, 2025, it has a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor). The vulnerability affects service confidentiality upon successful exploitation.

A local attacker can exploit this vulnerability with low attack complexity, requiring no privileges or user interaction. Exploitation remains within the same security scope and results in high confidentiality impact, potentially allowing unauthorized access to sensitive service data.

Huawei's security bulletin provides details on the vulnerability, available at https://consumer.huawei.com/en/support/bulletin/2025/1/. Practitioners should consult this advisory for recommended mitigations or patches.

Details

CWE(s): CWE-200NVD-CWE-noinfo

Affected Products

huawei

harmonyos

5.0.0

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com