Cyber Resilience

CVE-2021-40008

High

Published: 13 December 2021

Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0018 (39.7th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-40008 is a high-severity Missing Release of Resource after Effective Lifetime (CWE-772) vulnerability in Huawei CloudEngine 7800 Firmware. Its CVSS base score is 7.5 (High).

Operationally, it ranks at the 39.7th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parsing a series of crafted binary messages, which could consume the remaining memory. A successful exploit could cause memory exhaustion.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

huawei, cloudengine 7800 firmware, v200r019c00spc800
huawei, cloudengine 6800 firmware, v200r019c00spc800
huawei, cloudengine 5800 firmware, v200r019c00spc800
huawei, cloudengine 12800 firmware, v200r019c00spc800

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-772

Ensures network resources are released once the session ends or becomes inactive, closing the window for missing-release weaknesses.

References