CVE-2021-37122

CWE-416 — Use After Free3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.1%

top 81.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Cloudengine 12800 Firmware Huawei Cloudengine 5800 Firmware Huawei Cloudengine 6800 Firmware +1 more

Timeline

PublishedOct 27

Latest updateMay 24

Description

There is a use-after-free (UAF) vulnerability in Huawei products. An attacker may craft specific packets to exploit this vulnerability. Successful exploitation may cause the service abnormal. Affected product versions include:CloudEngine 12800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 5800 V200R005C10SPC800,V200R019C00SPC800;CloudEngine 6800 V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800;CloudEngine 7800 V200R005C10SPC800,V200R019C00SPC800.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDhuawei/cloudengine_5800_firmwarev200r005c10spc800, v200r019c00spc800+1

▶NVDhuawei/cloudengine_6800_firmwarev200r005c10spc800, v200r005c20spc800, v200r019c00spc800+2

▶NVDhuawei/cloudengine_7800_firmwarev200r005c10spc800, v200r019c00spc800+1

▶NVDhuawei/cloudengine_12800_firmwarev200r005c10spc800, v200r019c00spc800+1

🔴Vulnerability Details

GHSA

GHSA-mp8g-xgjg-4566: There is a use-after-free (UAF) vulnerability in Huawei products↗2022-05-24

▶

CVEList

CVE-2021-37122: There is a use-after-free (UAF) vulnerability in Huawei products↗2021-10-27

▶