Sign-up

ID

VAR-201711-0954


CVE

CVE-2017-8193


TITLE

FusionSphere OpenStack Command injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010573

DESCRIPTION

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands. FusionSphere OpenStack Contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios. The vulnerability is caused by insufficient verification input of the program

Trust: 1.71

sources: NVD: CVE-2017-8193 // JVNDB: JVNDB-2017-010573 // VULHUB: VHN-116396

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00spc102\(nfv\)

Trust: 1.6

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00spc102 (nfv)

Trust: 0.8

sources: JVNDB: JVNDB-2017-010573 // CNNVD: CNNVD-201711-945 // NVD: CVE-2017-8193

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8193
value: HIGH

Trust: 1.0

NVD: CVE-2017-8193
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-945
value: HIGH

Trust: 0.6

VULHUB: VHN-116396
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8193
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116396
severity: HIGH
baseScore: 7.7
vectorString: AV:A/AC:L/AU:S/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 5.1
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8193
baseSeverity: HIGH
baseScore: 8.0
vectorString: CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.1
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116396 // JVNDB: JVNDB-2017-010573 // CNNVD: CNNVD-201711-945 // NVD: CVE-2017-8193

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-116396 // JVNDB: JVNDB-2017-010573 // NVD: CVE-2017-8193

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201711-945

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-945

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010573

PATCH
title:huawei-sa-20170830-01-OpenStackurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76655
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010573 // 
            
            
            
            CNNVD: CNNVD-201711-945

EXTERNAL IDS
db:NVDid:CVE-2017-8193
Trust: 2.5
db:JVNDBid:JVNDB-2017-010573
Trust: 0.8
db:CNNVDid:CNNVD-201711-945
Trust: 0.7
db:VULHUBid:VHN-116396
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116396 // 
            
            
            
            JVNDB: JVNDB-2017-010573 // 
            
            
            
            CNNVD: CNNVD-201711-945 // 
            
            
            
            NVD: CVE-2017-8193

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-openstack-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8193
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8193
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116396 // 
            
            
            
            JVNDB: JVNDB-2017-010573 // 
            
            
            
            CNNVD: CNNVD-201711-945 // 
            
            
            
            NVD: CVE-2017-8193

SOURCES
db:VULHUBid:VHN-116396
db:JVNDBid:JVNDB-2017-010573
db:CNNVDid:CNNVD-201711-945
db:NVDid:CVE-2017-8193

LAST UPDATE DATE
2025-04-20T23:24:50.434000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116396date:2017-12-08T00:00:00
db:JVNDBid:JVNDB-2017-010573date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-945date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8193date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-116396date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010573date:2017-12-19T00:00:00
db:CNNVDid:CNNVD-201711-945date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8193date:2017-11-22T19:29:04.740