Skip to main content

Fusionsphere Openstack CVE-2017-2714

HIGH
Buffer Overflow (CWE-119)
2017-11-22 psirt@huawei.com
8.0
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.0 HIGH
AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 22, 2017 - 19:29 cve.org
HIGH 8.0

DescriptionCVE.org

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system.

AnalysisAI

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. Rated high severity (CVSS 8.0), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system. Affected products include: Huawei Fusionsphere Openstack.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2017-8135 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-2719 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-2718 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-8194 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8195 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8134 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8132 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8131 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2020-9079 HIGH
8.8 Aug 11

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. Rated high severity (CVSS 8.8), this vul

CVE-2017-8193 HIGH
8.0 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Rated high severity (CVSS 8.0),

CVE-2017-8192 HIGH
7.8 Nov 22

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vul

CVE-2020-9225 HIGH
7.8 Jun 18

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. Rated high severity (CVSS 7.8), this

Share

CVE-2017-2714 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy