Vulnerability Description
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Huawei | Fusionsphere Openstack | v100r006c00 |
Related Weaknesses (CWE)
References
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstaVendor Advisory
- http://www.securityfocus.com/bid/102262
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170531-01-openstaVendor Advisory
- http://www.securityfocus.com/bid/102262
FAQ
What is CVE-2017-8135?
CVE-2017-8135 is a vulnerability with a CVSS score of 8.8 (HIGH). The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated atta...
How severe is CVE-2017-8135?
CVE-2017-8135 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-8135?
Check the references section above for vendor advisories and patch information. Affected products include: Huawei Fusionsphere Openstack.