Skip to main content

Fusionsphere Openstack CVE-2020-9079

HIGH
2020-08-11 psirt@huawei.com
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 11, 2020 - 02:15 nvd
HIGH 8.8

DescriptionNVD

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.

AnalysisAI

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product. Affected products include: Huawei Fusionsphere Openstack.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-8135 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-2719 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-2718 HIGH
8.8 Nov 22

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the

CVE-2017-8194 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8195 HIGH
8.8 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Rated high severity (CVS

CVE-2017-8134 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8132 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8131 HIGH
8.8 Nov 22

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the in

CVE-2017-8193 HIGH
8.0 Nov 22

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Rated high severity (CVSS 8.0),

CVE-2017-2714 HIGH
8.0 Nov 22

The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. Rated

CVE-2017-8192 HIGH
7.8 Nov 22

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Rated high severity (CVSS 7.8), this vul

CVE-2020-9225 HIGH
7.8 Jun 18

FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. Rated high severity (CVSS 7.8), this

Share

CVE-2020-9079 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy