Sign-up

ID

VAR-201711-0951


CVE

CVE-2017-8190


TITLE

FusionSphere OpenStack Vulnerability in digital signature verification

Trust: 0.8

sources: JVNDB: JVNDB-2017-010570

DESCRIPTION

FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software. FusionSphere OpenStack Contains a vulnerability in the verification of digital signatures.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios

Trust: 1.71

sources: NVD: CVE-2017-8190 // JVNDB: JVNDB-2017-010570 // VULHUB: VHN-116393

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00spc102\(nfv\)

Trust: 1.6

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00spc102 (nfv)

Trust: 0.8

sources: JVNDB: JVNDB-2017-010570 // CNNVD: CNNVD-201711-948 // NVD: CVE-2017-8190

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8190
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8190
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-948
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116393
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8190
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116393
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8190
baseSeverity: MEDIUM
baseScore: 6.7
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 0.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116393 // JVNDB: JVNDB-2017-010570 // CNNVD: CNNVD-201711-948 // NVD: CVE-2017-8190

PROBLEMTYPE DATA

problemtype:CWE-347

Trust: 1.9

sources: VULHUB: VHN-116393 // JVNDB: JVNDB-2017-010570 // NVD: CVE-2017-8190

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-948

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-948

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010570

PATCH
title:huawei-sa-20171018-01-fusionsphereurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76658
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010570 // 
            
            
            
            CNNVD: CNNVD-201711-948

EXTERNAL IDS
db:NVDid:CVE-2017-8190
Trust: 2.5
db:JVNDBid:JVNDB-2017-010570
Trust: 0.8
db:CNNVDid:CNNVD-201711-948
Trust: 0.7
db:VULHUBid:VHN-116393
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116393 // 
            
            
            
            JVNDB: JVNDB-2017-010570 // 
            
            
            
            CNNVD: CNNVD-201711-948 // 
            
            
            
            NVD: CVE-2017-8190

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8190
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8190
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116393 // 
            
            
            
            JVNDB: JVNDB-2017-010570 // 
            
            
            
            CNNVD: CNNVD-201711-948 // 
            
            
            
            NVD: CVE-2017-8190

SOURCES
db:VULHUBid:VHN-116393
db:JVNDBid:JVNDB-2017-010570
db:CNNVDid:CNNVD-201711-948
db:NVDid:CVE-2017-8190

LAST UPDATE DATE
2025-04-20T23:12:44.484000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116393date:2017-12-08T00:00:00
db:JVNDBid:JVNDB-2017-010570date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-948date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8190date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-116393date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010570date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-948date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8190date:2017-11-22T19:29:04.630