CVSS: 6.5EPSS: 0%CPEs: 13EXPL: 0CVE-2021-40042
https://notcve.org/view.php?id=CVE-2021-40042
There is a release of invalid pointer vulnerability in some Huawei products, successful exploit may cause the process and service abnormal. Affected product versions include: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versions V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800. Se presenta una vulnerabilidad de puntero no válido en algunos productos de Huawei, una explotación con éxito puede causar que el proceso y el servicio sean anormales. Las versiones de producto afectadas incluyen: CloudEngine 12800 V200R019C10SPC800, V200R019C10SPC900; CloudEngine 5800 V200R019C10SPC800, V200R020C00SPC600; CloudEngine 6800 versiones V200R019C10SPC800, V200R019C10SPC900, V200R020C00SPC600, V300R020C00SPC200; CloudEngine 7800 V200R019C10SPC800 • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20220112-01-invalid-en • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 5.3EPSS: 0%CPEs: 29EXPL: 0CVE-2021-22362
https://notcve.org/view.php?id=CVE-2021-22362
There is an out of bounds write vulnerability in some Huawei products. An attacker can exploit this vulnerability by sending crafted data in the packet to the target device. Due to insufficient validation of message, successful exploit can cause certain service abnormal.Affected product versions include:CloudEngine 12800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 5800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800@;CloudEngine 6800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R005C20SPC800,V200R019C00SPC800,V200R019C10SPC800;CloudEngine 7800 versions V200R002C50SPC800,V200R003C00SPC810,V200R005C00SPC800,V200R005C10SPC800,V200R019C00SPC800,V200R019C10SPC800. Se presenta una vulnerabilidad de escritura fuera de límites en algunos productos de Huawei. Un atacante puede explotar esta vulnerabilidad mediante el envío datos diseñados en el paquete hacia el dispositivo destino. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20210519-01-cloudengine-en • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 0CVE-2020-1865
https://notcve.org/view.php?id=CVE-2020-1865
There is an out-of-bounds read vulnerability in Huawei CloudEngine products. The software reads data past the end of the intended buffer when parsing certain PIM message, an adjacent attacker could send crafted PIM messages to the device, successful exploit could cause out of bounds read when the system does the certain operation. Se presenta una vulnerabilidad de lectura fuera de límites en los productos Huawei CloudEngine. El software lee los datos más allá del final del búfer previsto cuando se analiza determinado mensaje PIM, un atacante adyacente podría enviar mensajes PIM diseñados al dispositivo, una explotación con éxito podría causar una lectura fuera de límites cuando el sistema realiza la operación determinada • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201230-02-cloudengine-en • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 29EXPL: 0CVE-2020-9137
https://notcve.org/view.php?id=CVE-2020-9137
There is a privilege escalation vulnerability in some versions of CloudEngine 12800,CloudEngine 5800,CloudEngine 6800 and CloudEngine 7800. Due to insufficient input validation, a local attacker with high privilege may execute some specially crafted scripts in the affected products. Successful exploit will cause privilege escalation. Se presenta una vulnerabilidad de escalada de privilegios en algunas versiones de CloudEngine 12800, CloudEngine 5800, CloudEngine 6800 y CloudEngine 7800. Debido a una comprobación insuficiente de la entrada, un atacante local con privilegios elevados puede ejecutar algunos scripts especialmente diseñados en los productos afectados. • https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20201202-02-privilege-en • CWE-20: Improper Input Validation •