CVE-2021-40042

CWE-7633 documents3 sources

Severity

6.5MEDIUM

EPSS

0.2%

top 61.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Cloudengine 12800 Firmware Huawei Cloudengine 5800 Firmware Huawei Cloudengine 6800 Firmware +1 more

Timeline

PublishedJan 31

Latest updateFeb 1

Description

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶NVDhuawei/cloudengine_5800_firmwarev200r019c10spc800, v200r020c00spc600+1

▶NVDhuawei/cloudengine_6800_firmware4 versions+3

▶NVDhuawei/cloudengine_7800_firmwarev200r019c10spc800

▶NVDhuawei/cloudengine_12800_firmwarev200r019c10spc800, v200r019c10spc900+1

🔴Vulnerability Details

GHSA

GHSA-2grq-h2qw-x3px: There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal↗2022-02-01

▶

CVEList

CVE-2021-40042: There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal↗2022-01-31

▶