Cyber Posture

CVE-2024-56435

Severity: Medium
Published: 08 January 2025
Modified: 27 September 2025
KEV Added: not listed
Patch:
CVSS Score: 6.2 (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.0007 (22.2nd percentile)
Risk Priority: 12 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-56435 is a medium-severity Improper Restriction of Rendered UI Layers or Frames (CWE-1021) vulnerability in Huawei HarmonyOS. Its CVSS base score is 6.2 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005). The CVE is ranked at the 22.2nd percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SC-39 (Process Isolation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

- prevent: SC-39 Process Isolation. Process isolation maintains separate execution domains to prevent cross-process unauthorized access to confidential screen stack data in the UIExtension module.
- prevent: AC-4 Information Flow Enforcement. Enforces information flow control policies across process boundaries to block unauthorized leakage of service confidentiality via the screen stack vulnerability.
- prevent: SI-2 Flaw Remediation. Flaw remediation through timely application of Huawei patches directly eliminates the cross-process screen stack vulnerability in UIExtension.

MITRE ATT&CK Enterprise Techniques

- T1005 Data from Local System (tactic: Collection). Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

Why these techniques?

Local unauthenticated cross-process access to confidential data directly enables T1005 (Data from Local System).

Confidence: MEDIUM (MITRE ATT&CK Enterprise v18.1)

NVD Description

Cross-process screen stack vulnerability in the UIExtension module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Deeper analysis

CVE-2024-56435 is a cross-process screen stack vulnerability in the UIExtension module, as identified in Huawei's security bulletin. Published on January 8, 2025, it carries a CVSS v3.1 base score of 6.2 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N), indicating medium severity with high impact on confidentiality but no impact on integrity or availability. The vulnerability is classified as CWE-1021 (Improper Restriction of Rendered UI Layers or Frames); NVD additionally records it with its "insufficient information" CWE placeholder, so the weakness mapping should be treated as provisional.

A local attacker with no privileges can exploit this vulnerability, since the attack complexity is low and no user interaction is needed. Successful exploitation allows unauthorized access to confidential service data across processes, potentially exposing sensitive information without altering or disrupting system operations.

Huawei's consumer support bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on affected devices and recommended patches or mitigations to address the issue. Security practitioners should review the advisory for version-specific updates and apply them promptly to vulnerable UIExtension implementations.

Details

CWE(s)

- CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Affected Products

- Vendor: huawei
- Product: harmonyos
- Version: 5.0.0

CVEs Like This One

- CVE-2024-56436 (same product: Huawei HarmonyOS)
- CVE-2024-56443 (same product: Huawei HarmonyOS)
- CVE-2024-57954 (same product: Huawei HarmonyOS)
- CVE-2026-24915 (same product: Huawei HarmonyOS)
- CVE-2026-24921 (same product: Huawei HarmonyOS)
- CVE-2024-56444 (same product: Huawei HarmonyOS)
- CVE-2025-68960 (same product: Huawei HarmonyOS)
- CVE-2025-68968 (same product: Huawei HarmonyOS)
- CVE-2024-56437 (same product: Huawei HarmonyOS)
- CVE-2026-24926 (same product: Huawei HarmonyOS)

References