Cyber Posture

CVE-2024-56447

High

Published: 08 January 2025
Modified: 13 January 2025
KEV Added
Patch
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0014 (34.0th percentile)
Risk Priority: 16 (60% EPSS · 20% KEV · 20% CVSS)

Description

Vulnerability of improper permission control in the window management module.
Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Security Summary

CVE-2024-56447 is a vulnerability involving improper permission control in the window management module, associated with CWE-269 (Improper Privilege Management) and CWE-276 (Incorrect Default Permissions). It carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and was published on 2025-01-08. The issue primarily impacts service confidentiality upon successful exploitation, though the CVSS vector indicates high potential effects on confidentiality, integrity, and availability.

A local attacker with low privileges can exploit this vulnerability with low attack complexity and no user interaction required. Exploitation allows unauthorized access or manipulation within the affected window management module, enabling high-impact disruption to confidentiality, integrity, and availability of services on the targeted system.

Huawei has published a consumer support bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ addressing this vulnerability, which likely includes details on patches or mitigation steps for affected devices.

Details

CWE(s)
CWE-269, CWE-276

Affected Products

huawei / emui: 12.0.0, 13.0.0, 14.0.0
huawei / harmonyos: 2.0.0, 2.1.0, 3.0.0, 3.1.0, 4.0.0

References