CVE-2017-8135 — Command Injection in Technologies CO LTD Fusionsphere Openstack

CWE-77 — Command Injection3 documents3 sources

Severity

8.8HIGHNVD

EPSS

0.5%

top 32.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies CO LTD Fusionsphere Openstack Huawei Fusionsphere Openstack

Timeline

PublishedNov 22

Latest updateMay 14

Description

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/fusionsphere_openstackv100r006c00, v100r006c10+1

▶CVEListV5huawei_technologies_co_ltd/fusionsphere_openstackV100R006C00 and V100R006C10

🔴Vulnerability Details

GHSA

GHSA-fx8w-7fwc-6r2c: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on↗2022-05-14

▶

CVEList

CVE-2017-8135: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on↗2017-11-22

▶