CVE-2017-8193Command Injection in Technologies CO LTD Fusionsphere Openstack

CWE-77Command Injection3 documents3 sources
Severity
8.0HIGHNVD
EPSS
0.4%
top 36.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Huawei Technologies CO LTD Fusionsphere OpenstackHuawei Fusionsphere Openstack
Timeline
PublishedNov 22
Latest updateMay 17

Description

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.1 | Impact: 5.9

Affected Packages2 packages

NVDhuawei/fusionsphere_openstackv100r006c00spc102\(nfv\)
CVEListV5huawei_technologies_co_ltd/fusionsphere_openstackV100R006C00SPC102(NFV)

🔴Vulnerability Details

2
GHSA
GHSA-54gh-5r45-9v33: The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability2022-05-17
CVEList
CVE-2017-8193: The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability2017-11-22
CVE-2017-8193 — Command Injection | cvebase