CVE-2021-40008

7.5 HIGH

📋 TL;DR

This memory leak vulnerability in Huawei CloudEngine switches allows attackers to cause memory exhaustion by sending crafted binary messages. Affected organizations are those running specific Huawei CloudEngine switch models with vulnerable firmware versions. The vulnerability could lead to denial of service conditions.

💻 Affected Systems

Products:
  • CloudEngine 12800
  • CloudEngine 5800
  • CloudEngine 6800
  • CloudEngine 7800
Versions: V200R019C00SPC800
Operating Systems: Huawei VRP
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations running affected firmware versions are vulnerable; no special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete memory exhaustion leading to switch crash and network outage, requiring physical reboot and service disruption.

🟠 Likely Case

Degraded switch performance, packet loss, and intermittent connectivity issues as memory becomes constrained.

🟢 If Mitigated

Minimal impact with proper network segmentation and monitoring; potential performance degradation but no complete outage.

🌐 Internet-Facing: MEDIUM - Switches exposed to untrusted networks could be targeted, but exploitation requires specific crafted messages.
🏢 Internal Only: LOW - Internal attackers would need network access and knowledge of the vulnerability; easier to detect and contain.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting specific binary messages but does not require authentication. No public exploit code has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: V200R019C00SPC810 or later

Vendor Advisory: https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20211208-01-memleak-en

Restart Required: Yes

Instructions:

1. Download the patched firmware from the Huawei support portal.
2. Back up the current configuration.
3. Upload and install the new firmware.
4. Reboot the switch.
5. Verify that the new version is running.

🔧 Temporary Workarounds

Network Segmentation


Restrict access to switch management interfaces to trusted networks only. The original Cisco-style access-list syntax is not valid on Huawei VRP; the equivalent on VRP uses an advanced ACL (number range 3000-3999) applied with traffic-filter. 10.0.0.0/8 is a placeholder for your trusted management range, and the explicit deny rule is needed so that traffic matching no rule is dropped rather than permitted. Note that a filter on a VLANIF applies to all traffic routed through that interface, not only management sessions.

acl number 3000
 rule 5 permit ip source 10.0.0.0 0.255.255.255
 rule 10 deny ip
quit
interface Vlanif 1
 traffic-filter inbound acl 3000

Rate Limiting


Implement rate limiting on management interfaces to slow potential memory exhaustion attacks. On VRP a CAR profile is defined in system view and then applied to the interface; the profile name MGMT-LIMIT and the 1000 kbps rate below are placeholders. Confirm in the command reference for your model that CAR is supported on the interface you apply it to.

qos car MGMT-LIMIT cir 1000
interface Vlanif 1
 qos car inbound MGMT-LIMIT

🧯 If You Can't Patch

  • Implement strict network access controls to limit who can communicate with switch management interfaces.
  • Deploy network monitoring to detect abnormal traffic patterns or memory usage spikes on affected switches.

🔍 How to Verify

Check if Vulnerable:

Check firmware version with: display version | include V200R019C00SPC800

Check Version:

display version

Verify Fix Applied:

Verify firmware version is V200R019C00SPC810 or later: display version | include V200R019C00SPC

📡 Detection & Monitoring

Log Indicators:

  • Memory usage spikes in system logs
  • Repeated connection attempts to switch management interfaces
  • System warning messages about memory exhaustion

Network Indicators:

  • Unusual volume of binary traffic to switch management ports
  • Abnormal packet patterns targeting switch management interfaces

SIEM Query:

source="switch_logs" AND (("memory" AND "exhaust") OR ("high" AND "usage"))
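The log indicators above can be checked offline before they reach a SIEM. The following is an added example, not part of this advisory or any Huawei tooling: it runs the keyword test of the SIEM query (with explicit precedence) over a set of constructed log lines in a generic syslog-like shape, which is an assumption and not the real VRP log format, and additionally flags a sustained climb in memory utilisation, which is the signature of a leak rather than a one-off spike.

```python
import re

# Constructed sample lines in a generic syslog-like shape. They are NOT Huawei's
# real log format; they only stand in for the indicators the advisory names.
SAMPLE_LOGS = [
    "2021-12-08T10:00:00 CE6800 %INFO: Memory usage 41%",
    "2021-12-08T10:05:00 CE6800 %INFO: Memory usage 58%",
    "2021-12-08T10:10:00 CE6800 %INFO: Memory usage 73%",
    "2021-12-08T10:15:00 CE6800 %INFO: Memory usage 89%",
    "2021-12-08T10:16:00 CE6800 %WARN: memory exhaust threshold reached",
    "2021-12-08T10:17:00 CE6800 %INFO: Link up on GE1/0/1",
]

# Assumed shape of a utilisation line; adapt the pattern to your real log format.
MEM_RE = re.compile(r"memory usage (\d+)%", re.IGNORECASE)


def siem_match(line):
    """Keyword test with the precedence the SIEM query intends:
    ("memory" AND "exhaust") OR ("high" AND "usage")."""
    text = line.lower()
    return ("memory" in text and "exhaust" in text) or ("high" in text and "usage" in text)


def memory_readings(lines):
    """Memory utilisation percentages, in log order."""
    return [int(m.group(1)) for m in map(MEM_RE.search, lines) if m]


def sustained_rise(readings, window=3, min_step=5):
    """True when `window` consecutive readings each climb by >= min_step points.
    A steady climb is the leak signature; an isolated spike is ignored."""
    run = 0
    for prev, cur in zip(readings, readings[1:]):
        run = run + 1 if cur - prev >= min_step else 0
        if run >= window:
            return True
    return False


def assess(lines, high_water=85):
    """Summarise one switch's log window into the indicators the advisory lists."""
    readings = memory_readings(lines)
    keyword_hits = sum(1 for line in lines if siem_match(line))
    rising = sustained_rise(readings)
    return {
        "max_memory_pct": max(readings, default=0),
        "above_high_water": any(r >= high_water for r in readings),
        "sustained_rise": rising,
        "keyword_hits": keyword_hits,
        "alert": rising or keyword_hits > 0,
    }
```

Run `assess(SAMPLE_LOGS)` on a per-switch window of lines; tune `window`, `min_step` and `high_water` to the sampling interval and baseline of your own devices.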
