Main Vulnerability Database Vulnerabilities #VU37884

Command Injection in FusionSphere OpenStack - CVE-2017-2719

Published: November 22, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37884

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2017-2719

CWE-ID: CWE-77

Exploitation vector: Adjecent network

Exploit availability: No public exploit available

Vulnerable software:
FusionSphere OpenStack

Software vendor:
Huawei

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

Remediation

Install update from vendor's website.

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en

Command Injection in FusionSphere OpenStack - CVE-2017-2719

Description

Remediation

External links

Please verify you're human