CVE-2017-8193
HIGHFusionSphere OpenStack V100R006C00SPC102(NFV) - Authenticated Command Injection
Title source: llmDescription
The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.
References (1)
Core 1
Core References
Vendor Advisory x_refsource_confirm
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en
Scores
CVSS v3
8.0
EPSS
0.0044
EPSS Percentile
63.3%
Attack Vector
ADJACENT_NETWORK
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-77
Status
published
Products (2)
huawei/fusionsphere_openstack
v100r006c00spc102\(nfv\)
Huawei Technologies Co., Ltd./FusionSphere OpenStack
V100R006C00SPC102(NFV)
Published
Nov 22, 2017
Tracked Since
Feb 18, 2026