Main Vulnerability Database SB2017112217

SB2017112217 - Use of hard-coded credentials in Huawei FusionSphere OpenStack

Published: November 22, 2017 Updated: August 8, 2020

Security Bulletin ID SB2017112217

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use of hard-coded credentials (CVE-ID: CVE-2017-2720)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.

Remediation

Install update from vendor's website.

References

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en