exploitDog

CVE-2017-8193

Опубликовано: 22 нояб. 2017

Источник: nvd

CVSS3: 8

CVSS2: 7.7

EPSS Низкий

Описание

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.

Ссылки

http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en
Vendor Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c00spc102\(nfv\):*:*:*:*:*:*:*

EPSS

Процентиль: 63%

0.00438

Низкий

8 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-77

Связанные уязвимости

GHSA-54gh-5r45-9v33

CVSS3: 8

github

больше 3 лет назад

The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands.

EPSS

Процентиль: 63%

0.00438

Низкий

8 High

CVSS3

7.7 High

CVSS2

Дефекты

CWE-77