CVE-2017-2719
HIGHFusionSphere OpenStack V100R006C00 and V100R006C10RC2 - Command Injection via Port Input
Title source: llmDescription
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en
Scores
CVSS v3
8.8
EPSS
0.0044
EPSS Percentile
63.6%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (5)
huawei/fusionsphere_openstack
v100r006c00
huawei/fusionsphere_openstack
v100r006c10rc2
Huawei Technologies Co., Ltd./FusionSphere OpenStack
¬
Huawei Technologies Co., Ltd./FusionSphere OpenStack
V100R006C00£
Huawei Technologies Co., Ltd./FusionSphere OpenStack
V100R006C10RC2
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026