CVE-2024-56442

Medium

Published: 08 January 2025

Published

08 January 2025

Modified

13 January 2025

KEV Added

—

Patch

—

CVSS Score 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score 0.0008 23.0th percentile

Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56442 is a medium-severity an unspecified weakness vulnerability in Huawei Harmonyos. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.0th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Application or System Exploitation (T1499.004). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match

prevent

Directly mitigates the CVE by requiring identification, reporting, and correction of the flaw in the NFC service module's unimplemented native APIs via vendor patches.

SC-5 Denial-of-service Protection partial match

prevent

Provides denial-of-service protections to counter the high-impact availability disruption and abnormal feature performance caused by local exploitation.

SI-4 System Monitoring partial match

detect

Enables continuous monitoring to identify exploitation indicators such as abnormal NFC feature performance or local attack attempts.

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact

Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.

attack.mitre.org →

Why these techniques?

Local NFC service flaw enables application exploitation for DoS (high availability impact).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

Deeper analysisAI

CVE-2024-56442 is a vulnerability in the NFC service module stemming from native APIs not being implemented, which can lead to abnormal feature performance upon exploitation. This issue affects Huawei consumer devices, as indicated by the vendor's security bulletin. The vulnerability is rated with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-227 (Incomplete Action) and NVD-CWE-noinfo. It was published on January 8, 2025.

Exploitation requires local access to the affected device with low privileges and low attack complexity, with no user interaction needed. A successful attack results in high-impact availability disruption, causing features to perform abnormally, effectively enabling a denial-of-service condition without compromising confidentiality or integrity.

Huawei's security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on mitigation, likely including patches or updates for affected devices. Security practitioners should direct users to apply vendor-recommended fixes promptly to address this local privilege escalation risk in the NFC service.

Details

CWE(s): CWE-227 NVD-CWE-noinfo

Affected Products

huawei

emui

12.0.0, 13.0.0

huawei

harmonyos

2.0.0, 2.1.0, 3.0.0, 3.1.0

CVEs Like This One

CVE-2024-57959Same product: Huawei Emui

CVE-2024-56438Same product: Huawei Emui

CVE-2024-56434Same product: Huawei Emui

CVE-2024-56440Same product: Huawei Emui

CVE-2026-28552Same product: Huawei Emui

CVE-2024-56448Same product: Huawei Emui

CVE-2024-58043Same product: Huawei Emui

CVE-2026-34859Same product: Huawei Emui

CVE-2024-56449Same product: Huawei Emui

CVE-2024-58044Same product: Huawei Emui

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com