Skip to main content

Fusionsphere Openstack CVE-2017-8132

HIGH
Command Injection (CWE-77)
2017-11-22 psirt@huawei.com
8.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 22, 2017 - 19:29 cve.org
HIGH 8.8

DescriptionCVE.org

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

AnalysisAI

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Command Injection (CWE-77), which allows attackers to inject arbitrary commands into system command execution. The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. Affected products include: Huawei Fusionsphere Openstack.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized APIs, avoid shell execution, validate input with strict allowlists.

CVE-2017-8135 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-2719 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-2718 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-8194 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8195 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8134 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8131 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2020-9079 HIGH
8.8 Aug 11

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. Rated high severity (CVSS 8.8), this vul

CVE-2017-8193 HIGH
8.0 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Rated high severity (CVSS 8.0),

CVE-2017-2714 HIGH
8.0 Nov 22

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. Rated

CVE-2017-8192 HIGH
7.8 Nov 22

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vul

CVE-2020-9225 HIGH
7.8 Jun 18

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. Rated high severity (CVSS 7.8), this

Share

CVE-2017-8132 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy