Sign-up

ID

VAR-201711-0236


CVE

CVE-2017-2720


TITLE

FusionSphere OpenStack Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2017-010607

DESCRIPTION

FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure. FusionSphere OpenStack Contains an information disclosure vulnerability.Information may be obtained. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios. The vulnerability is caused by the program using a hard encryption key to encrypt messages between firmwares

Trust: 1.71

sources: NVD: CVE-2017-2720 // JVNDB: JVNDB-2017-010607 // VULHUB: VHN-110923

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00

Trust: 2.4

sources: JVNDB: JVNDB-2017-010607 // CNNVD: CNNVD-201711-1004 // NVD: CVE-2017-2720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-2720
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-2720
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-1004
value: MEDIUM

Trust: 0.6

VULHUB: VHN-110923
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-2720
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-110923
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-2720
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-110923 // JVNDB: JVNDB-2017-010607 // CNNVD: CNNVD-201711-1004 // NVD: CVE-2017-2720

PROBLEMTYPE DATA

problemtype:CWE-798

Trust: 1.1

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-110923 // JVNDB: JVNDB-2017-010607 // NVD: CVE-2017-2720

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-1004

TYPE

trust management problem

Trust: 0.6

sources: CNNVD: CNNVD-201711-1004

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010607

PATCH
title:huawei-sa-20170920-01-fusionsphereurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Repair measures for information disclosure vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76714
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010607 // 
            
            
            
            CNNVD: CNNVD-201711-1004

EXTERNAL IDS
db:NVDid:CVE-2017-2720
Trust: 2.5
db:JVNDBid:JVNDB-2017-010607
Trust: 0.8
db:CNNVDid:CNNVD-201711-1004
Trust: 0.7
db:VULHUBid:VHN-110923
Trust: 0.1
sources:
            
            
            VULHUB: VHN-110923 // 
            
            
            
            JVNDB: JVNDB-2017-010607 // 
            
            
            
            CNNVD: CNNVD-201711-1004 // 
            
            
            
            NVD: CVE-2017-2720

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170920-01-fusionsphere-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-2720
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-2720
Trust: 0.8
sources:
            
            
            VULHUB: VHN-110923 // 
            
            
            
            JVNDB: JVNDB-2017-010607 // 
            
            
            
            CNNVD: CNNVD-201711-1004 // 
            
            
            
            NVD: CVE-2017-2720

SOURCES
db:VULHUBid:VHN-110923
db:JVNDBid:JVNDB-2017-010607
db:CNNVDid:CNNVD-201711-1004
db:NVDid:CVE-2017-2720

LAST UPDATE DATE
2025-04-20T23:34:16.668000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-110923date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010607date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-1004date:2019-10-23T00:00:00
db:NVDid:CVE-2017-2720date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-110923date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010607date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-1004date:2017-11-24T00:00:00
db:NVDid:CVE-2017-2720date:2017-11-22T19:29:01.350