Command Injection in FusionSphere OpenStack - CVE-2017-8132

 


Published: November 22, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU37880
CSH Severity: High
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-8132
CWE-ID: CWE-77
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software: FusionSphere OpenStack
Software vendor: Huawei

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

FusionSphere OpenStack software versions V100R006C00 and V100R006C10 have a command injection vulnerability caused by insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerability to gain root privileges by sending messages that contain malicious commands.


Remediation

Install the update from the vendor's website.
