Huawei: >> Fusionsphere Openstack Security Vulnerabilities
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-11-22
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-11-22
Page 3