CVE-2024-56444

High

Published: 08 January 2025

Published

08 January 2025

Modified

13 January 2025

KEV Added

—

Patch

—

CVSS Score 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score 0.0024 47.6th percentile

Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2024-56444 is a high-severity an unspecified weakness vulnerability in Huawei Harmonyos. Its CVSS base score is 7.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Data from Local System (T1005); ranked at the 47.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-39 (Process Isolation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Data from Local System (T1005) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SC-39 Process Isolation good match

prevent

Process isolation maintains separate execution domains to prevent cross-process unauthorized access to screen stack data in the UIExtension module.

AC-3 Access Enforcement good match

prevent

Access enforcement directly addresses the CWE-264 permissions flaw by requiring enforcement of approved authorizations for sensitive service data access.

SC-4 Information in Shared System Resources good match

prevent

Prevents unauthorized information transfer via shared system resources like the screen stack exploited in this cross-process vulnerability.

MITRE ATT&CK Enterprise TechniquesAI

T1005 Data from Local System Collection

Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

attack.mitre.org →

T1190 Exploit Public-Facing Application Initial Access

Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

attack.mitre.org →

Why these techniques?

Remote unauthenticated network exploit in permissions module directly enables data access from local system and public-facing application exploitation.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Deeper analysisAI

CVE-2024-56444 is a cross-process screen stack vulnerability in the UIExtension module. Published on January 8, 2025, it carries a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N) and is associated with CWE-264 (Permissions, Privileges, and Access Controls). Successful exploitation may affect service confidentiality.

Remote attackers require no privileges or user interaction and can exploit the vulnerability over the network with low attack complexity. Exploitation enables high-impact confidentiality violations, such as unauthorized access to sensitive service data, while integrity and availability remain unaffected.

Huawei has published a security bulletin addressing this issue at https://consumer.huawei.com/en/support/bulletin/2025/1/, which likely details affected versions and mitigation steps.

Details

CWE(s): CWE-264 NVD-CWE-noinfo

Affected Products

huawei

harmonyos

5.0.0

CVEs Like This One

CVE-2024-56443Same product: Huawei Harmonyos

CVE-2026-34865Same product: Huawei Harmonyos

CVE-2024-57954Same product: Huawei Harmonyos

CVE-2026-24915Same product: Huawei Harmonyos

CVE-2024-56435Same product: Huawei Harmonyos

CVE-2026-24921Same product: Huawei Harmonyos

CVE-2025-68960Same product: Huawei Harmonyos

CVE-2024-56436Same product: Huawei Harmonyos

CVE-2025-68968Same product: Huawei Harmonyos

CVE-2024-56437Same product: Huawei Harmonyos

References

https://consumer.huawei.com/en/support/bulletin/2025/1/
Vendor Advisory · psirt@huawei.com