CVE-2018-7977

CWE-200 — Information Exposure4 documents4 sources

Severity

7.5HIGH

EPSS

0.2%

top 64.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Technologies Co., Ltd. Fusionsphere Openstack Huawei Fusionsphere Openstack

Timeline

PublishedNov 27

Latest updateMay 14

Description

There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDhuawei/fusionsphere_openstack100r006c00

▶CVEListV5huawei_technologies_co.,_ltd./fusionsphere_openstackV100R006C00

🔴Vulnerability Details

GHSA

GHSA-47cx-x7mm-vj6c: There is an information leakage vulnerability on several Huawei products↗2022-05-14

▶

CVEList

CVE-2018-7977: There is an information leakage vulnerability on several Huawei products↗2018-11-27

▶

📋Vendor Advisories

Red Hat

ghostscript: status command permitted with -dSAFER in psi/zfile.c allowing attackers to identify the size and existence of files↗2016-10-05

▶