CVE-2017-2718

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.

CVSS v3 8.8 HIGH
CVSS v2.0 8.3 HIGH

8.8^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector ADJACENT_NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

8.3^/10

CVSS v2.0 : HIGH

Vector : AV:A/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 6.5 / Impact : 10.0

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c00:::::::*
	cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c10:rc2::::::

History

No history.

Information

Published : 2017-11-22 19:29

Updated : 2024-02-28 16:04

NVD link : CVE-2017-2718

Mitre link : CVE-2017-2718

CVE.ORG link : CVE-2017-2718

JSON object : View

Products Affected

huawei

fusionsphere_openstack

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2017-2718", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-11-22T19:29:01.287", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."}, {"lang": "es", "value": "FusionSphere OpenStack con software V100R006C00 y V100R006C10RC2 tiene dos vulnerabilidades de inyecci\u00f3n de comandos debido a la validaci\u00f3n de entradas insuficiente en un puerto. Un atacante puede explotar las vulnerabilidades para obtener privilegios root mediante el env\u00edo de algunos mensajes con comandos maliciosos."}], "lastModified": "2020-07-28T14:51:03.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CB1DB1F-5CAC-486C-AECF-59E9793F50AB"}, {"criteria": "cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c10:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30BCE00-531D-43BA-932C-ABA73E16DB4D"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}