Cyber Resilience

CVE-2024-56442

Medium

Published: 08 January 2025

Published
08 January 2025
Modified
13 January 2025
KEV Added
Patch
CVSS Score v3.1 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0008 23.3th percentile
Risk Priority 11 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56442 is a medium-severity an unspecified weakness vulnerability in Huawei Harmonyos. Its CVSS base score is 5.5 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked at the 23.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-5 (Denial-of-service Protection).

Deeper analysis

CVE-2024-56442 is a vulnerability in the NFC service module stemming from native APIs not being implemented, which can lead to abnormal feature performance upon exploitation. This issue affects Huawei consumer devices, as indicated by the vendor's security bulletin. The vulnerability is rated with a CVSS v3.1 base score of 5.5 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) and is associated with CWE-227 (Incomplete Action) and NVD-CWE-noinfo. It was published on January 8, 2025.

Exploitation requires local access to the affected device with low privileges and low attack complexity, with no user interaction needed. A successful attack results in high-impact availability disruption, causing features to perform abnormally, effectively enabling a denial-of-service condition without compromising confidentiality or integrity.

Huawei's security bulletin at https://consumer.huawei.com/en/support/bulletin/2025/1/ provides details on mitigation, likely including patches or updates for affected devices. Security practitioners should direct users to apply vendor-recommended fixes promptly to address this local privilege escalation risk in the NFC service.

EU & UK References

Vulnerability details

Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1499.004 Application or System Exploitation Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Local NFC service flaw enables application exploitation for DoS (high availability impact).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2024-56438Same product: Huawei Emui
CVE-2024-56440Same product: Huawei Emui
CVE-2026-28552Same product: Huawei Emui
CVE-2023-52955Same product: Huawei Emui
CVE-2024-57959Same product: Huawei Emui
CVE-2024-56434Same product: Huawei Emui
CVE-2026-24925Same product: Huawei Harmonyos
CVE-2026-28548Same product: Huawei Emui
CVE-2026-34854Same product: Huawei Emui
CVE-2024-57962Same product: Huawei Harmonyos

Affected Assets

huawei
emui
12.0.0, 13.0.0
huawei
harmonyos
2.0.0, 2.1.0, 3.0.0, 3.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the CVE by requiring identification, reporting, and correction of the flaw in the NFC service module's unimplemented native APIs via vendor patches.

prevent

Provides denial-of-service protections to counter the high-impact availability disruption and abnormal feature performance caused by local exploitation.

detect

Enables continuous monitoring to identify exploitation indicators such as abnormal NFC feature performance or local attack attempts.

References