CVE-2017-8134

CWE-77Command Injection3 documents3 sources
Severity
8.8HIGH
EPSS
0.3%
top 46.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies Co., Ltd. Fusionsphere OpenstackHuawei Fusionsphere Openstack
Timeline
PublishedNov 22
Latest updateMay 17

Description

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/fusionsphere_openstackv100r006c00, v100r006c10+1
CVEListV5huawei_technologies_co.,_ltd./fusionsphere_openstackV100R006C00 and V100R006C10

🔴Vulnerability Details

2
GHSA
GHSA-37fm-24w3-h7fh: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on2022-05-17
CVEList
CVE-2017-8134: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on2017-11-22
CVE-2017-8134 (HIGH CVSS 8.8) | The FusionSphere OpenStack with sof | cvebase.io