Sign-up

ID

VAR-201711-0234


CVE

CVE-2017-2718


TITLE

FusionSphere OpenStack Software injection command vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010423

DESCRIPTION

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. FusionSphere OpenStack The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios

Trust: 1.71

sources: NVD: CVE-2017-2718 // JVNDB: JVNDB-2017-010423 // VULHUB: VHN-110921

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c10rc2

Trust: 1.4

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c10

Trust: 1.0

sources: JVNDB: JVNDB-2017-010423 // CNNVD: CNNVD-201711-1006 // NVD: CVE-2017-2718

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2718
value: HIGH

Trust: 1.0

NVD: CVE-2017-2718
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-1006
value: HIGH

Trust: 0.6

VULHUB: VHN-110921
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2718
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110921
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2718
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2017-2718
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-110921 // JVNDB: JVNDB-2017-010423 // CNNVD: CNNVD-201711-1006 // NVD: CVE-2017-2718

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-110921 // JVNDB: JVNDB-2017-010423 // NVD: CVE-2017-2718

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201711-1006

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-1006

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010423

PATCH
title:huawei-sa-20170823-01-openstackurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76716
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010423 // 
            
            
            
            CNNVD: CNNVD-201711-1006

EXTERNAL IDS
db:NVDid:CVE-2017-2718
Trust: 2.5
db:JVNDBid:JVNDB-2017-010423
Trust: 0.8
db:CNNVDid:CNNVD-201711-1006
Trust: 0.7
db:VULHUBid:VHN-110921
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110921 // 
            
            
            
            JVNDB: JVNDB-2017-010423 // 
            
            
            
            CNNVD: CNNVD-201711-1006 // 
            
            
            
            NVD: CVE-2017-2718

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2718
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2718
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110921 // 
            
            
            
            JVNDB: JVNDB-2017-010423 // 
            
            
            
            CNNVD: CNNVD-201711-1006 // 
            
            
            
            NVD: CVE-2017-2718

SOURCES
db:VULHUBid:VHN-110921
db:JVNDBid:JVNDB-2017-010423
db:CNNVDid:CNNVD-201711-1006
db:NVDid:CVE-2017-2718

LAST UPDATE DATE
2025-04-20T23:39:59.959000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110921date:2020-07-28T00:00:00
db:JVNDBid:JVNDB-2017-010423date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-1006date:2020-07-29T00:00:00
db:NVDid:CVE-2017-2718date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110921date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010423date:2017-12-13T00:00:00
db:CNNVDid:CNNVD-201711-1006date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2718date:2017-11-22T19:29:01.287