Memory Leak Vulnerability in Huawei CloudEngine Series
CVE-2021-40008

7.5HIGH

Key Information:

Vendor: Huawei
Status: Cloudengine 12800;cloudengine 5800;cloudengine 6800;cloudengine 7800
Vendor: CVE Published:; 13 December 2021

Summary

A memory leak has been identified in several models of Huawei's CloudEngine series. This issue arises from the software's inadequate management of allocated memory during the parsing of specially crafted binary messages. As a result, the system may fail to properly release memory, leading to an exhaustion of available resources. If exploited, this vulnerability could severely impact device performance and stability, making it critical for users to ensure that their systems are updated with the latest patches.

Affected Version(s)

CloudEngine 12800;CloudEngine 5800;CloudEngine 6800;CloudEngine 7800 V200R019C00SPC800

References

https://www.huawei.com/en/psirt/security-advisories/huawe...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 13, 2021
Vulnerability Reserved
Aug 23, 2021