CVE-2021-40042
MEDIUMHuawei CloudEngine 12800/5800/6800/7800 Firmware - Use-After-Free
Title source: llmDescription
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_misc
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-en
Scores
CVSS v3
6.5
EPSS
0.0055
EPSS Percentile
41.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-763
Status
published
Products (9)
huawei/cloudengine_12800_firmware
v200r019c10spc800
huawei/cloudengine_12800_firmware
v200r019c10spc900
huawei/cloudengine_5800_firmware
v200r019c10spc800
huawei/cloudengine_5800_firmware
v200r020c00spc600
huawei/cloudengine_6800_firmware
v200r019c10spc800
huawei/cloudengine_6800_firmware
v200r019c10spc900
huawei/cloudengine_6800_firmware
v200r020c00spc600
huawei/cloudengine_6800_firmware
v300r020c00spc200
huawei/cloudengine_7800_firmware
v200r019c10spc800
Published
Jan 31, 2022
Tracked Since
Feb 18, 2026