Sign-up

ID

VAR-201711-0235


CVE

CVE-2017-2719


TITLE

FusionSphere OpenStack Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010606

DESCRIPTION

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. FusionSphere OpenStack Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios

Trust: 1.71

sources: NVD: CVE-2017-2719 // JVNDB: JVNDB-2017-010606 // VULHUB: VHN-110922

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c10rc2

Trust: 2.4

sources: JVNDB: JVNDB-2017-010606 // CNNVD: CNNVD-201711-1005 // NVD: CVE-2017-2719

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2719
value: HIGH

Trust: 1.0

NVD: CVE-2017-2719
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-1005
value: HIGH

Trust: 0.6

VULHUB: VHN-110922
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-2719
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110922
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2719
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110922 // JVNDB: JVNDB-2017-010606 // CNNVD: CNNVD-201711-1005 // NVD: CVE-2017-2719

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-110922 // JVNDB: JVNDB-2017-010606 // NVD: CVE-2017-2719

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201711-1005

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-1005

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010606

PATCH
title:huawei-sa-20170823-01-openstackurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76715
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010606 // 
            
            
            
            CNNVD: CNNVD-201711-1005

EXTERNAL IDS
db:NVDid:CVE-2017-2719
Trust: 2.5
db:JVNDBid:JVNDB-2017-010606
Trust: 0.8
db:CNNVDid:CNNVD-201711-1005
Trust: 0.7
db:VULHUBid:VHN-110922
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110922 // 
            
            
            
            JVNDB: JVNDB-2017-010606 // 
            
            
            
            CNNVD: CNNVD-201711-1005 // 
            
            
            
            NVD: CVE-2017-2719

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2719
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2719
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110922 // 
            
            
            
            JVNDB: JVNDB-2017-010606 // 
            
            
            
            CNNVD: CNNVD-201711-1005 // 
            
            
            
            NVD: CVE-2017-2719

SOURCES
db:VULHUBid:VHN-110922
db:JVNDBid:JVNDB-2017-010606
db:CNNVDid:CNNVD-201711-1005
db:NVDid:CVE-2017-2719

LAST UPDATE DATE
2025-04-20T23:42:04.568000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110922date:2017-12-08T00:00:00
db:JVNDBid:JVNDB-2017-010606date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-1005date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2719date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110922date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010606date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-1005date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2719date:2017-11-22T19:29:01.317