Sign-up

ID

VAR-201803-1366


CVE

CVE-2017-8187


TITLE

Huawei FusionSphere OpenStack Vulnerabilities related to authorization, permissions, and access control

Trust: 0.8

sources: JVNDB: JVNDB-2017-012983

DESCRIPTION

Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation. Huawei FusionSphere OpenStack Contains vulnerabilities related to authorization, permissions, and access control.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Huawei FusionSphere OpenStack is a set of cloud platform software for FusionSphere (cloud operating system) of Huawei in China in ICT scenarios. An attacker could exploit this vulnerability to elevate privileges

Trust: 1.71

sources: NVD: CVE-2017-8187 // JVNDB: JVNDB-2017-012983 // VULHUB: VHN-116390

AFFECTED PRODUCTS

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00spc102\(nfv\)

Trust: 1.6

vendor:huaweimodel:fusionsphere openstackscope:eqversion:v100r006c00spc102(nfv)

Trust: 0.8

sources: JVNDB: JVNDB-2017-012983 // CNNVD: CNNVD-201803-715 // NVD: CVE-2017-8187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-8187
value: HIGH

Trust: 1.0

NVD: CVE-2017-8187
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201803-715
value: HIGH

Trust: 0.6

VULHUB: VHN-116390
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-8187
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-116390
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2017-8187
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-116390 // JVNDB: JVNDB-2017-012983 // CNNVD: CNNVD-201803-715 // NVD: CVE-2017-8187

PROBLEMTYPE DATA

problemtype:CWE-269

Trust: 1.1

problemtype:CWE-264

Trust: 0.9

sources: VULHUB: VHN-116390 // JVNDB: JVNDB-2017-012983 // NVD: CVE-2017-8187

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-715

TYPE

permissions and access control issues

Trust: 0.6

sources: CNNVD: CNNVD-201803-715

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-012983

PATCH
title:huawei-sa-20171018-01-fusionsphereurl:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en
Trust: 0.8
title:Huawei FusionSphere OpenStack Fixes for permission permissions and access control vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79315
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2017-012983 // 
            
            
            
            CNNVD: CNNVD-201803-715

EXTERNAL IDS
db:NVDid:CVE-2017-8187
Trust: 2.5
db:JVNDBid:JVNDB-2017-012983
Trust: 0.8
db:CNNVDid:CNNVD-201803-715
Trust: 0.7
db:VULHUBid:VHN-116390
Trust: 0.1
sources:
            
            
            VULHUB: VHN-116390 // 
            
            
            
            JVNDB: JVNDB-2017-012983 // 
            
            
            
            CNNVD: CNNVD-201803-715 // 
            
            
            
            NVD: CVE-2017-8187

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171018-01-fusionsphere-en
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-8187
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-8187
Trust: 0.8
sources:
            
            
            VULHUB: VHN-116390 // 
            
            
            
            JVNDB: JVNDB-2017-012983 // 
            
            
            
            CNNVD: CNNVD-201803-715 // 
            
            
            
            NVD: CVE-2017-8187

SOURCES
db:VULHUBid:VHN-116390
db:JVNDBid:JVNDB-2017-012983
db:CNNVDid:CNNVD-201803-715
db:NVDid:CVE-2017-8187

LAST UPDATE DATE
2024-11-23T22:30:29.094000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-116390date:2019-10-03T00:00:00
db:JVNDBid:JVNDB-2017-012983date:2018-05-15T00:00:00
db:CNNVDid:CNNVD-201803-715date:2019-10-23T00:00:00
db:NVDid:CVE-2017-8187date:2024-11-21T03:33:29.787

SOURCES RELEASE DATE
db:VULHUBid:VHN-116390date:2018-03-20T00:00:00
db:JVNDBid:JVNDB-2017-012983date:2018-05-15T00:00:00
db:CNNVDid:CNNVD-201803-715date:2018-03-21T00:00:00
db:NVDid:CVE-2017-8187date:2018-03-20T15:29:00.597