Main Vulnerability Database Vulnerabilities #VU36356

Information disclosure in FusionSphere OpenStack - CVE-2018-7977

Published: November 27, 2018 / Updated: August 8, 2020

Vulnerability identifier: #VU36356

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2018-7977

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FusionSphere OpenStack

Software vendor:
Huawei

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.

Remediation

Install update from vendor's website.

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en

Information disclosure in FusionSphere OpenStack - CVE-2018-7977

Description

Remediation

External links

Please verify you're human