Main Vulnerability Database Vulnerabilities #VU37885

Use of hard-coded credentials in FusionSphere OpenStack - CVE-2017-2720

Published: November 22, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU37885

CSH Severity: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2017-2720

CWE-ID: CWE-798

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FusionSphere OpenStack

Software vendor:
Huawei

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.

Remediation

Install update from vendor's website.

External links

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en

Use of hard-coded credentials in FusionSphere OpenStack - CVE-2017-2720

Description

Remediation

External links

Please verify you're human