CVE-2017-2718

CWE-77Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.4%
top 36.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies Co., Ltd. Fusionsphere OpenstackHuawei Fusionsphere Openstack
Timeline
PublishedNov 22
Latest updateMay 13

Description

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/fusionsphere_openstackv100r006c00, v100r006c10+1
CVEListV5huawei_technologies_co.,_ltd./fusionsphere_openstack&#xac, V100R006C00&#xa3, V100R006C10RC2+2

🔴Vulnerability Details

2
GHSA
GHSA-f558-4253-rc39: FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation2022-05-13
CVEList
CVE-2017-2718: FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation2017-11-22
CVE-2017-2718 (HIGH CVSS 8.8) | FusionSphere OpenStack with softwar | cvebase.io