First published: Wed Nov 22 2017
FusionSphere OpenStack with software versions V100R006C00 and V100R006C10 has a command injection vulnerability caused by insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerability to gain root privileges by sending messages that contain malicious commands.
Credit: psirt@huawei.com
Affected Software | Affected Version | How to fix
---|---|---
Huawei FusionSphere OpenStack | =v100r006c00 |
Huawei FusionSphere OpenStack | =v100r006c10 |
CVE-2017-8132 is a command injection vulnerability in the FusionSphere OpenStack software versions V100R006C00 and V100R006C10.
CVE-2017-8132 has a severity rating of 8.8, which is classified as high.
CVE-2017-8132 is caused by insufficient input validation on four TCP listening ports.
An unauthenticated attacker can exploit CVE-2017-8132 to gain root privileges by sending malicious messages.
To fix CVE-2017-8132, it is recommended to update the FusionSphere OpenStack software to a patched version.