Command Injection in FusionSphere OpenStack - CVE-2017-2718

 


Published: November 22, 2017 / Updated: August 8, 2020


Vulnerability identifier: #VU37883
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-2718
CWE-ID: CWE-77
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vendor: Huawei
Affected software:
FusionSphere OpenStack

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities caused by insufficient input validation on one port. An attacker can exploit these vulnerabilities to gain root privileges by sending messages that contain malicious commands.


How to mitigate CVE-2017-2718

Install the update from the vendor's website.
