CVE-2017-8132 Vulnerability Details

  /     /     /  

CVE-2017-8132 Metadata Quick Info

CVE Published: 22/11/2017 | CVE Updated: 16/09/2024 | CVE Year: 2017
Source: huawei | Vendor: Huawei Technologies Co., Ltd. | Product: FusionSphere OpenStack
Status : PUBLISHED

CVE-2017-8132 Description

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Command Injection
Source: Huawei Technologies Co., Ltd.

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description: