Sign-up

ID

VAR-201711-0972


CVE

CVE-2017-8134


TITLE

FusionSphere OpenStack Software injection command vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010459

DESCRIPTION

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. FusionSphere OpenStack The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios. There is a command injection vulnerability in Huawei FusionSphere OpenStack V100R006C00 and V100R006C10

Trust: 1.71

sources: NVD: CVE-2017-8134 // JVNDB: JVNDB-2017-010459 // VULHUB: VHN-116337

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00

Trust: 2.4

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c10

Trust: 2.4

sources: JVNDB: JVNDB-2017-010459 // CNNVD: CNNVD-201706-009 // NVD: CVE-2017-8134

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8134
value: HIGH

Trust: 1.0

NVD: CVE-2017-8134
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201706-009
value: HIGH

Trust: 0.6

VULHUB: VHN-116337
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2017-8134
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116337
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8134
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116337 // JVNDB: JVNDB-2017-010459 // CNNVD: CNNVD-201706-009 // NVD: CVE-2017-8134

PROBLEMTYPE DATA

problemtype:CWE-77

Trust: 1.9

sources: VULHUB: VHN-116337 // JVNDB: JVNDB-2017-010459 // NVD: CVE-2017-8134

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201706-009

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-009

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010459

PATCH
title:huawei-sa-20170531-01-openstackurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en
Trust: 0.8
title:Huawei FusionSphere  and FusionSphere OpenStack Fixes for command injection vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70662
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010459 // 
            
            
            
            CNNVD: CNNVD-201706-009

EXTERNAL IDS
db:NVDid:CVE-2017-8134
Trust: 2.5
db:JVNDBid:JVNDB-2017-010459
Trust: 0.8
db:CNNVDid:CNNVD-201706-009
Trust: 0.7
db:VULHUBid:VHN-116337
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116337 // 
            
            
            
            JVNDB: JVNDB-2017-010459 // 
            
            
            
            CNNVD: CNNVD-201706-009 // 
            
            
            
            NVD: CVE-2017-8134

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8134
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8134
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116337 // 
            
            
            
            JVNDB: JVNDB-2017-010459 // 
            
            
            
            CNNVD: CNNVD-201706-009 // 
            
            
            
            NVD: CVE-2017-8134

SOURCES
db:VULHUBid:VHN-116337
db:JVNDBid:JVNDB-2017-010459
db:CNNVDid:CNNVD-201706-009
db:NVDid:CVE-2017-8134

LAST UPDATE DATE
2025-04-20T23:12:44.459000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116337date:2017-12-06T00:00:00
db:JVNDBid:JVNDB-2017-010459date:2017-12-14T00:00:00
db:CNNVDid:CNNVD-201706-009date:2017-12-26T00:00:00
db:NVDid:CVE-2017-8134date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-116337date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010459date:2017-12-14T00:00:00
db:CNNVDid:CNNVD-201706-009date:2017-05-31T00:00:00
db:NVDid:CVE-2017-8134date:2017-11-22T19:29:02.757