ID

VAR-201711-1013


CVE

CVE-2017-8198


TITLE

SQL injection vulnerability in FusionSphere

Trust: 0.8

sources: JVNDB: JVNDB-2017-010578

DESCRIPTION

FusionSphere V100R006C00SPC102(NFV) has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. A successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. FusionSphere contains an SQL injection vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Huawei FusionSphere is a cloud operating system developed by Huawei of China, based on the OpenStack framework. The system provides virtualization functions, resource pool management, basic cloud service tools, and more. The vulnerability is caused by insufficient validation of input on the device.

Trust: 1.71

sources: NVD: CVE-2017-8198 // JVNDB: JVNDB-2017-010578 // VULHUB: VHN-116401

AFFECTED PRODUCTS

vendor: huawei, model: fusionsphere, scope: eq, version: v100r006c00spc102\(nfv\)

Trust: 1.6

vendor: huawei, model: fusionsphere, scope: eq, version: v100r006c00spc102 (nfv)

Trust: 0.8

sources: JVNDB: JVNDB-2017-010578 // CNNVD: CNNVD-201711-940 // NVD: CVE-2017-8198

CVSS

SEVERITY

nvd@nist.gov: CVE-2017-8198
value: HIGH

Trust: 1.0

NVD: CVE-2017-8198
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201711-940
value: MEDIUM

Trust: 0.6

VULHUB: VHN-116401
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2017-8198
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116401
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2017-8198
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116401 // JVNDB: JVNDB-2017-010578 // CNNVD: CNNVD-201711-940 // NVD: CVE-2017-8198

PROBLEMTYPE DATA

problemtype: CWE-89

Trust: 1.9

sources: VULHUB: VHN-116401 // JVNDB: JVNDB-2017-010578 // NVD: CVE-2017-8198

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201711-940

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-201711-940

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-010578

PATCH

title: huawei-sa-20170913-01-fusionsphere, url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en

Trust: 0.8

title: Repair measures for the Huawei FusionSphere SQL injection vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=76650

Trust: 0.6

sources: JVNDB: JVNDB-2017-010578 // CNNVD: CNNVD-201711-940

EXTERNAL IDS

db: NVD, id: CVE-2017-8198

Trust: 2.5

db: JVNDB, id: JVNDB-2017-010578

Trust: 0.8

db: CNNVD, id: CNNVD-201711-940

Trust: 0.7

db: VULHUB, id: VHN-116401

Trust: 0.1

sources: VULHUB: VHN-116401 // JVNDB: JVNDB-2017-010578 // CNNVD: CNNVD-201711-940 // NVD: CVE-2017-8198

REFERENCES

url: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8198

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2017-8198

Trust: 0.8

sources: VULHUB: VHN-116401 // JVNDB: JVNDB-2017-010578 // CNNVD: CNNVD-201711-940 // NVD: CVE-2017-8198

SOURCES

db: VULHUB, id: VHN-116401
db: JVNDB, id: JVNDB-2017-010578
db: CNNVD, id: CNNVD-201711-940
db: NVD, id: CVE-2017-8198

LAST UPDATE DATE

2025-04-20T23:34:15.843000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-116401, date: 2017-12-08T00:00:00
db: JVNDB, id: JVNDB-2017-010578, date: 2017-12-19T00:00:00
db: CNNVD, id: CNNVD-201711-940, date: 2017-11-23T00:00:00
db: NVD, id: CVE-2017-8198, date: 2025-04-20T01:37:25.860

SOURCES RELEASE DATE

db: VULHUB, id: VHN-116401, date: 2017-11-22T00:00:00
db: JVNDB, id: JVNDB-2017-010578, date: 2017-12-19T00:00:00
db: CNNVD, id: CNNVD-201711-940, date: 2017-11-23T00:00:00
db: NVD, id: CVE-2017-8198, date: 2017-11-22T19:29:04.927