CVE-2021-40042

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.

Published: Jan 31, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-40042
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-763

Affected Software
References

Software	From	Fixed in
huawei / cloudengine_12800_firmware	200r019c10spc800	200r019c10spc800.x
huawei / cloudengine_12800_firmware	200r019c10spc900	200r019c10spc900.x
huawei / cloudengine_5800_firmware	200r019c10spc800	200r019c10spc800.x
huawei / cloudengine_5800_firmware	200r020c00spc600	200r020c00spc600.x
huawei / cloudengine_6800_firmware	200r019c10spc800	200r019c10spc800.x
huawei / cloudengine_6800_firmware	200r019c10spc900	200r019c10spc900.x
huawei / cloudengine_6800_firmware	200r020c00spc600	200r020c00spc600.x
huawei / cloudengine_6800_firmware	300r020c00spc200	300r020c00spc200.x
huawei / cloudengine_7800_firmware	200r019c10spc800	200r019c10spc800.x

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-en

Vulnerability Database

289,599

CVE-2021-40042