First published: Wed Nov 22 2017(Updated: )
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix |
---|---|---|
Huawei FusionSphere OpenStack | =v100r006c00 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this information exposure vulnerability in FusionSphere OpenStack V100R006C00 is CVE-2017-2720.
The severity of CVE-2017-2720 is medium with a CVSS score of 5.3.
This vulnerability in FusionSphere OpenStack V100R006C00 exposes information by using a hard-coded cryptographic key to encrypt messages, which increases the possibility that encrypted data may be recovered and results in information exposure.
The affected software version of this vulnerability in FusionSphere OpenStack is V100R006C00.
To fix CVE-2017-2720, it is recommended to apply the patches or updates provided by Huawei FusionSphere OpenStack.