Huawei Fusionsphere Openstack vulnerabilities

CVE-2020-9079 [HIGH] CVE-2020-9079: FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrec FusionSphere OpenStack 8.0.0 have a protection mechanism failure vulnerability. The product incorrectly uses a protection mechanism. An attacker has to find a way to exploit the vulnerability to conduct directed attacks against the affected product.

CVE-2020-9225 [HIGH] CWE-269 CVE-2020-9225: FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software doe FusionSphere OpenStack 6.5.1 have an improper permissions management vulnerability. The software does not correctly perform a privilege assignment when an actor attempts to perform an action. Successful exploit could allow certain user to do certain operations beyond its privilege.

CVE-2018-7977 [HIGH] CWE-200 CVE-2018-7977: There is an information leakage vulnerability on several Huawei products. Due to insufficient commun There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.

CVE-2017-15321 [LOW] CWE-200 CVE-2017-15321: Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.

CVE-2017-8192 [HIGH] CWE-863 CVE-2017-8192: FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper auth FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.

CVE-2017-2714 [HIGH] CWE-119 CVE-2017-2714: The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow v The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier versions has a buffer overflow vulnerability. An authenticated attacker on the LAN can exploit this vulnerability to execute arbitrary code or cause a denial of service (DoS) condition in the affected system.

CVE-2017-8131 [HIGH] CWE-77 CVE-2017-8131: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnera The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVE-2017-8193 [HIGH] CWE-77 CVE-2017-8193: The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.

CVE-2017-8188 [HIGH] CWE-77 CVE-2017-8188: FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of v FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution.

CVE-2017-8195 [HIGH] CWE-287 CVE-2017-8195: The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.

CVE-2017-2718 [HIGH] CWE-77 CVE-2017-2718: FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulner FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVE-2017-8134 [HIGH] CWE-77 CVE-2017-8134: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnera The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVE-2017-2719 [HIGH] CWE-77 CVE-2017-2719: FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulner FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVE-2017-8194 [HIGH] CWE-287 CVE-2017-8194: The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.

CVE-2017-8132 [HIGH] CWE-77 CVE-2017-8132: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnera The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVE-2017-8135 [HIGH] CWE-77 CVE-2017-8135: The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnera The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVE-2017-8190 [MEDIUM] CWE-347 CVE-2017-8190: FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software.

CVE-2017-2720 [MEDIUM] CWE-798 CVE-2017-2720: FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.

CVE-2017-8189 [MEDIUM] CWE-22 CVE-2017-8189: FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.

CVE-2017-8191 [MEDIUM] CWE-327 CVE-2017-8191: FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attac FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links.