CVE-2021-40042

Name: CVE-2021-40042
Creator: NVD / NIST
Published: 2022-01-31T16:15:09.97+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 6.5/10EPSS 0.56%

Last modified Jun 17, 2026

CVE-2021-40042 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.. EPSS estimates a 0.56% chance of exploitation in the next 30 days.

Description

There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800.

Metrics

CVSS 3.1

6.5/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Probability

0.56%

42.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-763

Affected Software

Vendor	Product	Versions
Huawei	Cloudengine 12800 Firmware	v200r019c10spc800
Huawei	Cloudengine 12800 Firmware	v200r019c10spc900
Huawei	Cloudengine 5800 Firmware	v200r019c10spc800
Huawei	Cloudengine 5800 Firmware	v200r020c00spc600
Huawei	Cloudengine 6800 Firmware	v200r019c10spc800
Huawei	Cloudengine 6800 Firmware	v200r019c10spc900
Huawei	Cloudengine 6800 Firmware	v200r020c00spc600
Huawei	Cloudengine 6800 Firmware	v300r020c00spc200
Huawei	Cloudengine 7800 Firmware	v200r019c10spc800

References

https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-enVendor Advisory
https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-enVendor Advisory

Timeline

Published: Jan 31, 2022
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2021-40042?

How severe is CVE-2021-40042?

CVE-2021-40042 has a CVSS score of 6.5/10 (MEDIUM severity). The EPSS model estimates a 0.56% probability of exploitation in the next 30 days.

How do I fix CVE-2021-40042?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2021-40042?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST