Sign-up

ID

VAR-201711-0995


CVE

CVE-2017-8158


TITLE

FusionCompute Permissions vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2017-010632

DESCRIPTION

FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable. FusionCompute Contains a permission vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Huawei FusionCompute is an enterprise-level open server virtualization solution based on Xen open source design developed by China's Huawei (Huawei). The solution provides automation, advanced integration and management capabilities for virtualized data centers. There is a security vulnerability in Huawei FusionCompute V100R005C00 and V100R005C10

Trust: 1.71

sources: NVD: CVE-2017-8158 // JVNDB: JVNDB-2017-010632 // VULHUB: VHN-116361

AFFECTED PRODUCTS

vendor:huaweimodel:fusioncomputescope:eqversion:v100r005c00

Trust: 2.4

vendor:huaweimodel:fusioncomputescope:eqversion:v100r005c10

Trust: 2.4

sources: JVNDB: JVNDB-2017-010632 // CNNVD: CNNVD-201711-973 // NVD: CVE-2017-8158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8158
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-8158
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201711-973
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116361
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8158
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116361
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8158
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 4.0
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116361 // JVNDB: JVNDB-2017-010632 // CNNVD: CNNVD-201711-973 // NVD: CVE-2017-8158

PROBLEMTYPE DATA

problemtype:CWE-732

Trust: 1.1

problemtype:CWE-275

Trust: 0.9

sources: VULHUB: VHN-116361 // JVNDB: JVNDB-2017-010632 // NVD: CVE-2017-8158

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201711-973

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201711-973

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-010632

PATCH
title:huawei-sa-20170927-01-dosurl:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170927-01-dos-en
Trust: 0.8
title:Huawei FusionCompute Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76683
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-010632 // 
            
            
            
            CNNVD: CNNVD-201711-973

EXTERNAL IDS
db:NVDid:CVE-2017-8158
Trust: 2.5
db:JVNDBid:JVNDB-2017-010632
Trust: 0.8
db:CNNVDid:CNNVD-201711-973
Trust: 0.7
db:VULHUBid:VHN-116361
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116361 // 
            
            
            
            JVNDB: JVNDB-2017-010632 // 
            
            
            
            CNNVD: CNNVD-201711-973 // 
            
            
            
            NVD: CVE-2017-8158

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170927-01-dos-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8158
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8158
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116361 // 
            
            
            
            JVNDB: JVNDB-2017-010632 // 
            
            
            
            CNNVD: CNNVD-201711-973 // 
            
            
            
            NVD: CVE-2017-8158

SOURCES
db:VULHUBid:VHN-116361
db:JVNDBid:JVNDB-2017-010632
db:CNNVDid:CNNVD-201711-973
db:NVDid:CVE-2017-8158

LAST UPDATE DATE
2025-04-20T23:32:47.580000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116361date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-010632date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-973date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8158date:2025-04-20T01:37:25.860

SOURCES RELEASE DATE
db:VULHUBid:VHN-116361date:2017-11-22T00:00:00
db:JVNDBid:JVNDB-2017-010632date:2017-12-20T00:00:00
db:CNNVDid:CNNVD-201711-973date:2017-11-23T00:00:00
db:NVDid:CVE-2017-8158date:2017-11-22T19:29:03.647