CVE-2021-37122

MEDIUM

Huawei CloudEngine 12800/5800/6800/7800 Firmware - Use-After-Free via Crafted Packets

Title source: llm

Description

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_misc

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211008-01-cloudengine-en

Scores

CVSS v3 6.5

EPSS 0.0006

EPSS Percentile 18.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-416

Status published

Products (9)

huawei/cloudengine_12800_firmware v200r005c10spc800

huawei/cloudengine_12800_firmware v200r019c00spc800

huawei/cloudengine_5800_firmware v200r005c10spc800

huawei/cloudengine_5800_firmware v200r019c00spc800

huawei/cloudengine_6800_firmware v200r005c10spc800

huawei/cloudengine_6800_firmware v200r005c20spc800

huawei/cloudengine_6800_firmware v200r019c00spc800

huawei/cloudengine_7800_firmware v200r005c10spc800

huawei/cloudengine_7800_firmware v200r019c00spc800

Published Oct 27, 2021

Tracked Since Feb 18, 2026