CVE-2021-40008

HIGH

Huawei Cloudengine 7800 Firmware - Resource Leak

Title source: rule

Description

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust.

References (1)

[Vendor Advisory] https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en

Scores

CVSS v3 7.5

EPSS 0.0018

EPSS Percentile 39.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Classification

CWE

CWE-772

Status published

Affected Products (4)

huawei/cloudengine_7800_firmware

huawei/cloudengine_6800_firmware

huawei/cloudengine_5800_firmware

huawei/cloudengine_12800_firmware

Timeline

Published Dec 13, 2021

Tracked Since Feb 18, 2026