Cyber Resilience

CVE-2021-40042

Medium

Published: 31 January 2022

Published
31 January 2022
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
EPSS Score 0.0017 38.6th percentile
Risk Priority 13 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-40042 is a medium-severity Release of Invalid Pointer or Reference (CWE-763) vulnerability in Huawei Cloudengine 6800 Firmware. Its CVSS base score is 6.5 (Medium).

Operationally, ranked at the 38.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200;…

more

CloudEngine 7800 V200R019C10SPC800.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

huawei
cloudengine 12800 firmware
v200r019c10spc800, v200r019c10spc900
huawei
cloudengine 5800 firmware
v200r019c10spc800, v200r020c00spc600
huawei
cloudengine 6800 firmware
v200r019c10spc800, v200r019c10spc900, v200r020c00spc600, v300r020c00spc200
huawei
cloudengine 7800 firmware
v200r019c10spc800

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References