Sign-up

ID

VAR-201711-0953


CVE

CVE-2017-8192


TITLE

FusionSphere OpenStack Authorization vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010572

DESCRIPTION

FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation. FusionSphere OpenStack Contains an authorization vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios

Trust: 1.71

sources: NVD: CVE-2017-8192 // JVNDB: JVNDB-2017-010572 // VULHUB: VHN-116395

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00

Trust: 2.4

sources: JVNDB: JVNDB-2017-010572 // CNNVD: CNNVD-201711-946 // NVD: CVE-2017-8192

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8192
value: HIGH

Trust: 1.0

NVD: CVE-2017-8192
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-946
value: HIGH

Trust: 0.6

VULHUB: VHN-116395
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8192
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116395
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8192
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116395 // JVNDB: JVNDB-2017-010572 // CNNVD: CNNVD-201711-946 // NVD: CVE-2017-8192

PROBLEMTYPE DATA

problemtype:CWE-863

Trust: 1.1

problemtype:CWE-285

Trust: 0.9

sources: VULHUB: VHN-116395 // JVNDB: JVNDB-2017-010572 // NVD: CVE-2017-8192

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-946

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-201711-946

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010572

PATCH
title:huawei-sa-20171025-01-fustionsphereurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Remediation measures for authorization problem vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76656
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010572 // 
            
            
            
            CNNVD: CNNVD-201711-946

EXTERNAL IDS
db:NVDid:CVE-2017-8192
Trust: 2.5
db:JVNDBid:JVNDB-2017-010572
Trust: 0.8
db:CNNVDid:CNNVD-201711-946
Trust: 0.7
db:VULHUBid:VHN-116395
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116395 // 
            
            
            
            JVNDB: JVNDB-2017-010572 // 
            
            
            
            CNNVD: CNNVD-201711-946 // 
            
            
            
            NVD: CVE-2017-8192

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171025-01-fustionsphere-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8192
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8192
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116395 // 
            
            
            
            JVNDB: JVNDB-2017-010572 // 
            
            
            
            CNNVD: CNNVD-201711-946 // 
            
            
            
            NVD: CVE-2017-8192

SOURCES
db:VULHUBid:VHN-116395
db:JVNDBid:JVNDB-2017-010572
db:CNNVDid:CNNVD-201711-946
db:NVDid:CVE-2017-8192

LAST UPDATE DATE
2025-04-20T23:32:47.628000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116395date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010572date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-946date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8192date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-116395date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010572date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-946date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8192date:2017-11-22T19:29:04.710