CVE-2023-52545

7.5 HIGH

📋 TL;DR

This vulnerability in Huawei's Calendar app involves undefined permissions that could allow attackers to disrupt the app's functionality, affecting availability. It impacts Huawei devices running HarmonyOS with the vulnerable Calendar app version. Successful exploitation could cause the Calendar app to crash or become unresponsive.

💻 Affected Systems

Products:
  • Huawei Calendar app
Versions: Specific vulnerable versions not explicitly stated in references; affected versions prior to March 2024 security updates
Operating Systems: HarmonyOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Huawei devices with the vulnerable Calendar app version installed; exact device models not specified in provided references.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete denial of service for the Calendar app, preventing users from accessing or managing calendar events, potentially affecting scheduling and productivity.

🟠 Likely Case

Temporary disruption of Calendar app functionality, requiring app restart or device reboot to restore normal operation.

🟢 If Mitigated

Minimal impact with proper patching; Calendar app continues to function normally with all features available.

🌐 Internet-Facing: LOW - This appears to be a local app vulnerability requiring access to the device, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM - Could be exploited by malicious apps on the same device or through physical access, but requires specific conditions.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious app installation; no public exploit details available in provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: March 2024 security updates

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/3/

Restart Required: Yes

Instructions:

1. Check for system updates in device Settings.
2. Install March 2024 security update.
3. Restart device after installation.
4. Verify Calendar app version is updated.

🔧 Temporary Workarounds

  • Disable Calendar app (all): Temporarily disable the Calendar app to prevent exploitation while awaiting patch
  • Restrict app permissions (all): Review and restrict unnecessary permissions for Calendar app in device settings

🧯 If You Can't Patch

  • Isolate affected devices from critical networks
  • Implement application whitelisting to prevent unauthorized app installations

🔍 How to Verify

Check if Vulnerable:

Check if device has March 2024 security update installed; if not, likely vulnerable

Check Version:

Settings > System & updates > Software update to check security patch level

Verify Fix Applied:

Verify March 2024 security update is installed and Calendar app functions normally without crashes

📡 Detection & Monitoring

Log Indicators:

  • Frequent Calendar app crashes
  • Permission denial errors in system logs
  • Unexpected Calendar app termination

Network Indicators:

  • No specific network indicators as this is a local app vulnerability

SIEM Query:

Search for Calendar app crash events or permission errors in device/system logs
