Skip to main content

Fusionsphere Openstack CVE-2017-15321

LOW
Information Exposure (CWE-200)
2017-12-22 psirt@huawei.com
3.7
CVSS 3.0 · NVD

Severity by source

NVD PRIMARY
3.7 LOW
AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Dec 22, 2017 - 17:29 cve.org
LOW 3.7

DescriptionCVE.org

Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.

AnalysisAI

Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak. Affected products include: Huawei Fusionsphere Openstack.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2017-8135 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-2719 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-2718 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-8194 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8195 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8134 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8132 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8131 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2020-9079 HIGH
8.8 Aug 11

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. Rated high severity (CVSS 8.8), this vul

CVE-2017-8193 HIGH
8.0 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Rated high severity (CVSS 8.0),

CVE-2017-2714 HIGH
8.0 Nov 22

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. Rated

CVE-2017-8192 HIGH
7.8 Nov 22

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vul

Share

CVE-2017-15321 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy