CVE-2021-40008

CVSS v3 7.5 HIGH
CVSS v2.0 5.0 MEDIUM

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

T

here is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust.

References

Link	Resource
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en	Vendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND

cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*

cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*

History

21 Nov 2024, 06:23

Type	Values Removed	Values Added
References	~~() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en - Vendor Advisory~~	() https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en - Vendor Advisory

Information

Published : 2021-12-13 16:15

Updated : 2024-11-21 06:23

NVD link : CVE-2021-40008

Mitre link : CVE-2021-40008

CVE.ORG link : CVE-2021-40008

JSON object : View

Products Affected

CWE

CWE-772

Missing Release of Resource after Effective Lifetime

{"id": "CVE-2021-40008", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "[email protected]", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-12-13T16:15:09.923", "references": [{"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-772"}]}], "descriptions": [{"lang": "en", "value": "There is a memory leak vulnerability in CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 and CloudEngine 7800 V200R019C00SPC800. The software does not sufficiently track and release allocated memory while parse a series of crafted binary messages, which could consume remaining memory. Successful exploit could cause memory exhaust."}, {"lang": "es", "value": "Se presenta una vulnerabilidad de filtrado de memoria en CloudEngine 12800 V200R019C00SPC800, CloudEngine 5800 V200R019C00SPC800, CloudEngine 6800 V200R019C00SPC800 y CloudEngine 7800 V200R019C00SPC800. El software no rastrea y libera suficientemente la memoria asignada mientras analiza una serie de mensajes binarios elaborados, lo que podr\u00eda consumir la memoria restante. Una explotaci\u00f3n con \u00e9xito podr\u00eda causar el agotamiento de la memoria"}], "lastModified": "2024-11-21T06:23:22.150", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_7800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA12B395-7D70-445A-B0FD-47363787D1EE"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_7800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "D05E858C-A3D8-4BF1-A750-CFD8C949ABF0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_6800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D96A7C4-88BE-4353-AC75-AF6841EEB6F9"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_6800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19F2B3CC-12AD-466D-98F9-0C09C7C053CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_5800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BCFEB001-EFF7-47AC-B67E-7B807780F009"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_5800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C8FD775C-F6B6-42B3-942E-EB4DC889B5F0"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:cloudengine_12800_firmware:v200r019c00spc800:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "067ADFDC-B001-4270-9CA2-37F670B3BFAC"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:huawei:cloudengine_12800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "DE8A2875-0F7E-4790-A925-5999396B7578"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}