CVE-2024-54097 – This vulnerability in the HiView module allows ... (How to Fix)

Q: What is the severity of CVE-2024-54097?

CVE-2024-54097 has a CVSS score of 7.3 (HIGH). This vulnerability in the HiView module allows attackers to compromise feature implementation and integrity. It affects Huawei devices running vulnerable versions of the HiView module. The impact could range from service disruption to unauthorized system modifications.

📋 TL;DR

This vulnerability in the HiView module allows attackers to compromise feature implementation and integrity. It affects Huawei devices running vulnerable versions of the HiView module. The impact could range from service disruption to unauthorized system modifications.

💻 Affected Systems

Products:

Huawei devices with HiView module

Versions: Specific versions not detailed in advisory - check Huawei security bulletin

Operating Systems: HarmonyOS, Android-based Huawei systems

Default Config Vulnerable: ⚠️ Yes

Notes: All systems with vulnerable HiView module versions are affected. Exact product list requires checking Huawei's detailed advisory.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise allowing unauthorized feature manipulation, data integrity breaches, and potential privilege escalation.

🟠

Likely Case

Service disruption, feature malfunction, or unauthorized configuration changes affecting system reliability.

🟢

If Mitigated

Limited impact with proper access controls and monitoring, potentially causing minor service interruptions.

🌐 Internet-Facing: MEDIUM - While the vulnerability could be exploited remotely, specific attack vectors are not detailed in the advisory.

🏢 Internal Only: HIGH - Internal attackers with network access could exploit this to affect system integrity and functionality.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

CWE-15 (External Control of System or Configuration Setting) suggests attackers could manipulate system settings, but specific exploitation details are not publicly available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Huawei security bulletin for specific fixed versions

Vendor Advisory: https://consumer.huawei.com/en/support/bulletin/2024/12/

Restart Required: Yes

Instructions:

1. Visit Huawei security advisory. 2. Identify affected products. 3. Apply security updates through official channels. 4. Restart device after update. 5. Verify update installation.

🔧 Temporary Workarounds

Network Segmentation

all

Isolate affected devices from untrusted networks to reduce attack surface

Access Control Restrictions

all

Implement strict access controls to limit who can interact with HiView module

🧯 If You Can't Patch

Implement network segmentation to isolate vulnerable devices
Enable enhanced logging and monitoring for HiView module activities

🔍 How to Verify

Check if Vulnerable:

Check device software version against Huawei's security bulletin for affected versions

Check Version:

Device-specific: Settings > About Phone > Software Information (exact path varies by device)

Verify Fix Applied:

Verify software version has been updated to patched version listed in Huawei advisory

📡 Detection & Monitoring

Log Indicators:

Unauthorized HiView module access attempts
Unexpected configuration changes in HiView
System integrity alerts

Network Indicators:

Unusual network traffic to/from HiView services
Unexpected remote configuration requests

SIEM Query:

source="hiview" AND (event_type="configuration_change" OR event_type="unauthorized_access")

📊 Metadata

CVE ID: CVE-2024-54097

CVSS v3 Score: 7.3 (HIGH)

CVSS Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE: CWE-15

Published: December 12, 2024

Last Updated: January 10, 2025

🔗 References

https://consumer.huawei.com/en/support/bulletin/2024/12/ Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2024-54097, you might also want to check these:

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Emui by Huawei

Emui by Huawei

Emui by Huawei

Harmonyos by Huawei

Harmonyos by Huawei

Harmonyos by Huawei

Harmonyos by Huawei

Harmonyos by Huawei

Harmonyos by Huawei

⚠️ Risk & Real-World Impact

Worst Case

Likely Case

If Mitigated

🎯 Exploit Status

🛠️ Fix & Mitigation

✅ Official Fix

Instructions:

🔧 Temporary Workarounds

Network Segmentation

Access Control Restrictions

🧯 If You Can't Patch

🔍 How to Verify

Check if Vulnerable:

Check Version:

Verify Fix Applied:

📡 Detection & Monitoring

Log Indicators:

Network Indicators:

SIEM Query:

📊 Metadata

🔗 References

📤 Share & Export

🔗 Related Vulnerabilities