First published: Wed Nov 22 2017(Updated: )
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei FusionSphere OpenStack | =v100r006c00 | |
Huawei FusionSphere OpenStack | =v100r006c10rc2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-2719 is a command injection vulnerability in FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2.
CVE-2017-2719 has a severity score of 8.8 (high).
An attacker can exploit the vulnerability to gain root privileges by sending malicious commands.
FusionSphere OpenStack V100R006C00 and V100R006C10RC2 are affected by CVE-2017-2719.
Update your FusionSphere OpenStack software to a patched version provided by Huawei.