CVE-2017-8192

CWE-863 — Incorrect Authorization CWE-122 — Heap-based Buffer Overflow6 documents6 sources

Severity

7.8HIGH

EPSS

0.0%

top 93.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies Co., Ltd. Fusionsphere Openstack Huawei Fusionsphere Openstack

Timeline

PublishedNov 22

Latest updateMay 13

Description

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/fusionsphere_openstackv100r006c00

▶CVEListV5huawei_technologies_co.,_ltd./fusionsphere_openstackV100R006C00

🔴Vulnerability Details

GHSA

GHSA-hjqc-wrmr-hq47: FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability↗2022-05-13

▶

CVEList

CVE-2017-8192: FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability↗2017-11-22

▶

📋Vendor Advisories

Red Hat

wget: Heap-based buffer overflow in HTTP protocol handling↗2017-10-26

▶

💬Community

HackerOne

CVE-2017-13090 wget heap smash↗2019-11-12

▶

Bugzilla

CVE-2017-13090 wget: Heap-based buffer overflow in HTTP protocol handling↗2017-10-23

▶