CVE-2017-2719

{"id": "CVE-2017-2719", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 8.3, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 6.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-11-22T19:29:01.317", "references": [{"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en", "tags": ["Vendor Advisory"], "source": "psirt@huawei.com"}, {"url": "http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170823-01-openstack-en", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands."}, {"lang": "es", "value": "FusionSphere OpenStack con software V100R006C00 y V100R006C10RC2 tiene dos vulnerabilidades de inyecci\u00f3n de comandos debido a la validaci\u00f3n de entradas insuficiente en un puerto. Un atacante puede explotar las vulnerabilidades para obtener privilegios root mediante el env\u00edo de algunos mensajes con comandos maliciosos."}], "lastModified": "2024-11-21T03:24:02.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c00:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CB1DB1F-5CAC-486C-AECF-59E9793F50AB"}, {"criteria": "cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c10rc2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D748184C-0EC7-45B2-A19E-D6CC1B0A116F"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@huawei.com"}