CVE-2024-8992

4.0 MEDIUM

📋 TL;DR

This CVE describes an information leak vulnerability affecting certain Honor products. Successful exploitation could allow unauthorized access to sensitive information. The vulnerability affects users of specific Honor devices with vulnerable software versions.

💻 Affected Systems

Products:
  • Honor smartphones and devices
Versions: Specific affected versions not detailed in reference
Operating Systems: HarmonyOS, Android-based Honor systems
Default Config Vulnerable: ⚠️ Yes
Notes: Exact product models and version ranges not specified in the provided reference. Users should check Honor's official advisory for specific affected devices.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Sensitive user data, device information, or system details could be exposed to unauthorized parties, potentially leading to privacy violations or facilitating further attacks.

🟠 Likely Case

Limited information disclosure such as device identifiers, configuration details, or non-critical system information being accessible to local attackers or malicious apps.

🟢 If Mitigated

With proper access controls and security configurations, the impact would be minimal, potentially limited to non-sensitive information.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation likely requires local access or malicious application installation. No public exploit code has been identified.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in reference

Vendor Advisory: https://www.honor.com/global/security/cve-2024-8992/

Restart Required: Yes

Instructions:

1. Check for system updates in device settings.
2. Install the latest security update from Honor.
3. Restart device after installation.
4. Verify update was successful.

🔧 Temporary Workarounds

  • Restrict app permissions: Limit application permissions to reduce potential attack surface
  • Disable unnecessary services: Turn off unused device features and services

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks
  • Implement strict access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check device model and software version against Honor's advisory. Navigate to Settings > About Phone > Software Information.

Check Version:

Settings > About Phone > Software Information (device-specific)

Verify Fix Applied:

Verify the installed software version matches or exceeds the patched version specified by Honor.

📡 Detection & Monitoring

Log Indicators:

  • Unusual permission requests
  • Unexpected data access patterns
  • Security service alerts

Network Indicators:

  • Unusual outbound data transfers from device
  • Suspicious API calls

SIEM Query:

Not applicable for typical mobile device deployments
