CVE-2017-8158 — Incorrect Permission Assignment in Technologies CO LTD Fusioncompute

CWE-732 — Incorrect Permission Assignment3 documents3 sources

Severity

6.5MEDIUMNVD

EPSS

0.0%

top 95.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies CO LTD Fusioncompute Huawei Fusioncompute

Timeline

PublishedNov 22

Latest updateMay 13

Description

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 2.0 | Impact: 4.0

Affected Packages2 packages

▶NVDhuawei/fusioncomputev100r005c00, v100r005c10+1

▶CVEListV5huawei_technologies_co_ltd/fusioncomputeV100R005C00 and V100R005C10

🔴Vulnerability Details

GHSA

GHSA-xwvp-wh56-pqcf: FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the h↗2022-05-13

▶

CVEList

CVE-2017-8158: FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the h↗2017-11-22

▶