Search criteria
40 vulnerabilities found for FusionSphere OpenStack by Huawei Technologies Co., Ltd.
CVE-2018-7977 (GCVE-0-2018-7977)
Vulnerability from cvelistv5 – Published: 2018-11-27 22:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.
Severity ?
No CVSS data available.
CWE
- information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00"
}
]
}
],
"datePublic": "2018-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T21:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7977",
"datePublished": "2018-11-27T22:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8187 (GCVE-0-2017-8187)
Vulnerability from cvelistv5 – Published: 2018-03-20 15:00 – Updated: 2024-08-05 16:27
VLAI?
Summary
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation.
Severity ?
No CVSS data available.
CWE
- privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users\u0027 certificates. Successful exploit may cause privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-8187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users\u0027 certificates. Successful exploit may cause privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8187",
"datePublished": "2018-03-20T15:00:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:27:22.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15321 (GCVE-0-2017-15321)
Vulnerability from cvelistv5 – Published: 2017-12-22 17:00 – Updated: 2024-09-17 00:36
VLAI?
Summary
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.
Severity ?
No CVSS data available.
CWE
- Information Leak
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C000SPC102 (NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C000SPC102 (NFV)"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-08T00:00:00",
"ID": "CVE-2017-15321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C000SPC102 (NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15321",
"datePublished": "2017-12-22T17:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-17T00:36:21.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8189 (GCVE-0-2017-8189)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.
Severity ?
No CVSS data available.
CWE
- path traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:23.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8189",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T03:43:40.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8191 (GCVE-0-2017-8191)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-17 03:52
VLAI?
Summary
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links.
Severity ?
No CVSS data available.
CWE
- week cryptographic algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
},
{
"name": "102282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "week cryptographic algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T10:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
},
{
"name": "102282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "week cryptographic algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
},
{
"name": "102282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8191",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T03:52:50.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8193 (GCVE-0-2017-8193)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-17 02:02
VLAI?
Summary
The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.
Severity ?
No CVSS data available.
CWE
- command injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8193",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T02:02:07.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8190 (GCVE-0-2017-8190)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-17 00:36
VLAI?
Summary
FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software.
Severity ?
No CVSS data available.
CWE
- improper verification of cryptographic signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper verification of cryptographic signature",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper verification of cryptographic signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8190",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T00:36:06.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8132 (GCVE-0-2017-8132)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 17:09
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8132",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T17:09:08.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8192 (GCVE-0-2017-8192)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.
Severity ?
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8192",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T22:25:35.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8195 (GCVE-0-2017-8195)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 22:03
VLAI?
Summary
The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.
Severity ?
No CVSS data available.
CWE
- improper authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8195",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T22:03:32.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8134 (GCVE-0-2017-8134)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-17 03:53
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8134",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T03:53:39.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2719 (GCVE-0-2017-2719)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 21:58
VLAI?
Summary
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00£
Affected: ¬ Affected: V100R006C10RC2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00\u0026#xa3"
},
{
"status": "affected",
"version": "\u0026#xac"
},
{
"status": "affected",
"version": "V100R006C10RC2"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00\u0026#xa3"
},
{
"version_value": "\u0026#xac"
},
{
"version_value": "V100R006C10RC2"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-2719",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T21:58:25.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2720 (GCVE-0-2017-2720)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 18:28
VLAI?
Summary
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-2720",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T18:28:20.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8131 (GCVE-0-2017-8131)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8131",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T00:20:40.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8135 (GCVE-0-2017-8135)
Vulnerability from cvelistv5 – Published: 2017-11-22 19:00 – Updated: 2024-09-16 22:45
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-26T10:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"name": "102262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102262"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8135",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T22:45:01.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7977 (GCVE-0-2018-7977)
Vulnerability from nvd – Published: 2018-11-27 22:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage.
Severity ?
No CVSS data available.
CWE
- information leakage
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00"
}
]
}
],
"datePublic": "2018-11-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "information leakage",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-27T21:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2018-7977",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is an information leakage vulnerability on several Huawei products. Due to insufficient communication protection for specific services, a remote, unauthorized attacker can exploit this vulnerability to connect to specific services to obtain additional information. Successful exploitation of this vulnerability can lead to information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "information leakage"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20181114-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2018-7977",
"datePublished": "2018-11-27T22:00:00",
"dateReserved": "2018-03-09T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8187 (GCVE-0-2017-8187)
Vulnerability from nvd – Published: 2018-03-20 15:00 – Updated: 2024-08-05 16:27
VLAI?
Summary
Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation.
Severity ?
No CVSS data available.
CWE
- privilege escalation
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.885Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users\u0027 certificates. Successful exploit may cause privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "privilege escalation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-03-20T14:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2017-8187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users\u0027 certificates. Successful exploit may cause privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "privilege escalation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8187",
"datePublished": "2018-03-20T15:00:00",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-08-05T16:27:22.885Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-15321 (GCVE-0-2017-15321)
Vulnerability from nvd – Published: 2017-12-22 17:00 – Updated: 2024-09-17 00:36
VLAI?
Summary
Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak.
Severity ?
No CVSS data available.
CWE
- Information Leak
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C000SPC102 (NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T19:50:16.509Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C000SPC102 (NFV)"
}
]
}
],
"datePublic": "2017-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Leak",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-22T16:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-08T00:00:00",
"ID": "CVE-2017-15321",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C000SPC102 (NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an information leak vulnerability due to the use of a low version transmission protocol by default. An attacker could intercept packets transferred by a target device. Successful exploit could cause an information leak."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Leak"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171108-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-15321",
"datePublished": "2017-12-22T17:00:00Z",
"dateReserved": "2017-10-14T00:00:00",
"dateUpdated": "2024-09-17T00:36:21.879Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8189 (GCVE-0-2017-8189)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-17 03:43
VLAI?
Summary
FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal.
Severity ?
No CVSS data available.
CWE
- path traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:23.197Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "path traversal",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8189",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "path traversal"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8189",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T03:43:40.272Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8191 (GCVE-0-2017-8191)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-17 03:52
VLAI?
Summary
FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links.
Severity ?
No CVSS data available.
CWE
- week cryptographic algorithm
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.967Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
},
{
"name": "102282",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102282"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "week cryptographic algorithm",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T10:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
},
{
"name": "102282",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102282"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8191",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "week cryptographic algorithm"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
},
{
"name": "102282",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102282"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8191",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T03:52:50.082Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8193 (GCVE-0-2017-8193)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-17 02:02
VLAI?
Summary
The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.
Severity ?
No CVSS data available.
CWE
- command injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "command injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8193",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "command injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8193",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T02:02:07.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8190 (GCVE-0-2017-8190)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-17 00:36
VLAI?
Summary
FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software.
Severity ?
No CVSS data available.
CWE
- improper verification of cryptographic signature
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.990Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper verification of cryptographic signature",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8190",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper verification of cryptographic signature"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8190",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T00:36:06.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8132 (GCVE-0-2017-8132)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-16 17:09
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.856Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8132",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8132",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T17:09:08.649Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8192 (GCVE-0-2017-8192)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-16 22:25
VLAI?
Summary
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.
Severity ?
No CVSS data available.
CWE
- Improper Authorization
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Authorization",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8192",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8192",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T22:25:35.123Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8195 (GCVE-0-2017-8195)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-16 22:03
VLAI?
Summary
The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.
Severity ?
No CVSS data available.
CWE
- improper authentication
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00SPC102(NFV)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00SPC102(NFV)"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "improper authentication",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8195",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00SPC102(NFV)"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "improper authentication"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8195",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T22:03:32.117Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8134 (GCVE-0-2017-8134)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-17 03:53
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.608Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8134",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8134",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T03:53:39.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2719 (GCVE-0-2017-2719)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-16 21:58
VLAI?
Summary
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00£
Affected: ¬ Affected: V100R006C10RC2 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.626Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00\u0026#xa3"
},
{
"status": "affected",
"version": "\u0026#xac"
},
{
"status": "affected",
"version": "V100R006C10RC2"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2719",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00\u0026#xa3"
},
{
"version_value": "\u0026#xac"
},
{
"version_value": "V100R006C10RC2"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-2719",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T21:58:25.063Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-2720 (GCVE-0-2017-2720)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-16 18:28
VLAI?
Summary
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
Severity ?
No CVSS data available.
CWE
- Information Exposure
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T14:02:07.481Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Exposure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-2720",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Exposure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-2720",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2016-12-01T00:00:00",
"dateUpdated": "2024-09-16T18:28:20.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8131 (GCVE-0-2017-8131)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-17 00:20
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-22T18:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8131",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8131",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-17T00:20:40.696Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-8135 (GCVE-0-2017-8135)
Vulnerability from nvd – Published: 2017-11-22 19:00 – Updated: 2024-09-16 22:45
VLAI?
Summary
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Severity ?
No CVSS data available.
CWE
- Command Injection
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Huawei Technologies Co., Ltd. | FusionSphere OpenStack |
Affected:
V100R006C00 and V100R006C10
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T16:27:22.703Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "102262",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/102262"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "FusionSphere OpenStack",
"vendor": "Huawei Technologies Co., Ltd.",
"versions": [
{
"status": "affected",
"version": "V100R006C00 and V100R006C10"
}
]
}
],
"datePublic": "2017-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Command Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-26T10:57:01",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"name": "102262",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/102262"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"DATE_PUBLIC": "2017-11-15T00:00:00",
"ID": "CVE-2017-8135",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "FusionSphere OpenStack",
"version": {
"version_data": [
{
"version_value": "V100R006C00 and V100R006C10"
}
]
}
}
]
},
"vendor_name": "Huawei Technologies Co., Ltd."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "102262",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/102262"
},
{
"name": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en",
"refsource": "CONFIRM",
"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2017-8135",
"datePublished": "2017-11-22T19:00:00Z",
"dateReserved": "2017-04-25T00:00:00",
"dateUpdated": "2024-09-16T22:45:01.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}