Details of VAR-201711-0973

ID

VAR-201711-0973

CVE

CVE-2017-8135

TITLE

FusionSphere OpenStack Software injection command vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010460

DESCRIPTION

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands. FusionSphere OpenStack The software contains a command injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is prone to multiple command-injection vulnerabilities. An attacker may exploit these issues to execute arbitrary code within the context of the affected application; this may aid in further attacks. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios. There is a command injection vulnerability in Huawei FusionSphere OpenStack V100R006C00 and V100R006C10

Trust: 1.98

sources: NVD: CVE-2017-8135 // JVNDB: JVNDB-2017-010460 // BID: 102262 // VULHUB: VHN-116338

AFFECTED PRODUCTS

vendor:	huawei	model:	fusionsphere openstack	scope:	eq	version:	v100r006c00	Trust: 2.4
vendor:	huawei	model:	fusionsphere openstack	scope:	eq	version:	v100r006c10	Trust: 2.4
vendor:	huawei	model:	fusionsphere openstack v100r006c10	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusionsphere openstack v100r006c00	scope:	-	version:	-	Trust: 0.3
vendor:	huawei	model:	fusionsphere openstack v100r006c10spc100	scope:	ne	version:	-	Trust: 0.3
vendor:	huawei	model:	fusionsphere openstack v100r006c00spc106	scope:	ne	version:	-	Trust: 0.3

sources: BID: 102262 // JVNDB: JVNDB-2017-010460 // CNNVD: CNNVD-201706-010 // NVD: CVE-2017-8135

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2017-8135
value:	HIGH
Trust: 1.0
NVD:	CVE-2017-8135
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201706-010
value:	HIGH
Trust: 0.6
VULHUB:	VHN-116338
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2017-8135
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-116338
severity:	HIGH
baseScore:	8.3
vectorString:	AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector:	ADJACENT_NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	6.5
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2017-8135
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-116338 // JVNDB: JVNDB-2017-010460 // CNNVD: CNNVD-201706-010 // NVD: CVE-2017-8135

PROBLEMTYPE DATA

problemtype:

CWE-77

Trust: 1.9

sources: VULHUB: VHN-116338 // JVNDB: JVNDB-2017-010460 // NVD: CVE-2017-8135

THREAT TYPE

specific network environment

Trust: 0.6

sources: CNNVD: CNNVD-201706-010

TYPE

command injection

Trust: 0.6

sources: CNNVD: CNNVD-201706-010

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010460

PATCH

title:	huawei-sa-20170531-01-openstack	url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en	Trust: 0.8
title:	Huawei FusionSphere and FusionSphere OpenStack Fixes for command injection vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=70663	Trust: 0.6

sources: JVNDB: JVNDB-2017-010460 // CNNVD: CNNVD-201706-010

EXTERNAL IDS

db:	NVD	id:	CVE-2017-8135	Trust: 2.8
db:	BID	id:	102262	Trust: 1.4
db:	JVNDB	id:	JVNDB-2017-010460	Trust: 0.8
db:	CNNVD	id:	CNNVD-201706-010	Trust: 0.7
db:	VULHUB	id:	VHN-116338	Trust: 0.1

sources: VULHUB: VHN-116338 // BID: 102262 // JVNDB: JVNDB-2017-010460 // CNNVD: CNNVD-201706-010 // NVD: CVE-2017-8135

REFERENCES

url:	http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstack-en	Trust: 2.0
url:	http://www.securityfocus.com/bid/102262	Trust: 1.1
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8135	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2017-8135	Trust: 0.8
url:	http://www.huawei.com/en/	Trust: 0.3

sources: VULHUB: VHN-116338 // BID: 102262 // JVNDB: JVNDB-2017-010460 // CNNVD: CNNVD-201706-010 // NVD: CVE-2017-8135

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102262

SOURCES

db:	VULHUB	id:	VHN-116338
db:	BID	id:	102262
db:	JVNDB	id:	JVNDB-2017-010460
db:	CNNVD	id:	CNNVD-201706-010
db:	NVD	id:	CVE-2017-8135

LAST UPDATE DATE

2025-04-20T23:15:50.568000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-116338	date:	2017-12-27T00:00:00
db:	BID	id:	102262	date:	2017-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010460	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201706-010	date:	2017-12-26T00:00:00
db:	NVD	id:	CVE-2017-8135	date:	2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-116338	date:	2017-11-22T00:00:00
db:	BID	id:	102262	date:	2017-12-22T00:00:00
db:	JVNDB	id:	JVNDB-2017-010460	date:	2017-12-14T00:00:00
db:	CNNVD	id:	CNNVD-201706-010	date:	2017-05-31T00:00:00
db:	NVD	id:	CVE-2017-8135	date:	2017-11-22T19:29:02.787