SecuriTricks - CVE-2024-58044

Description

Permission verification bypass vulnerability in the notification module Impact: Successful exploitation of this vulnerability may affect availability.

Product(s) Impacted

Vendor	Product	Versions
Huawei	Emui Harmonyos	12.0.0, 13.0.0, 14.0.0 2.0.0, 2.1.0, 3.0.0, 3.1.0, 4.0.0, 4.2.0, 4.3.0

Weaknesses

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

*CPE(s)

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
o	huawei	emui	12.0.0	/	/	/	/	/	/	/
o	huawei	emui	13.0.0	/	/	/	/	/	/	/
o	huawei	emui	14.0.0	/	/	/	/	/	/	/
o	huawei	harmonyos	2.0.0	/	/	/	/	/	/	/
o	huawei	harmonyos	2.1.0	/	/	/	/	/	/	/
o	huawei	harmonyos	3.0.0	/	/	/	/	/	/	/
o	huawei	harmonyos	3.1.0	/	/	/	/	/	/	/
o	huawei	harmonyos	4.0.0	/	/	/	/	/	/	/
o	huawei	harmonyos	4.2.0	/	/	/	/	/	/	/
o	huawei	harmonyos	4.3.0	/	/	/	/	/	/	/

References

https://consumer.huawei.com/en/support/bulletin/2025/3/

CVSS Score

8.4 / 10

CVSS Data

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

View Vector String

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Date

Published: March 4, 2025, 8:15 a.m.
Last Modified: March 5, 2025, 1:56 p.m.

Status : Analyzed

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

psirt@huawei.com

CVE-2024-58044