Huawei: >> Fusionsphere Openstack >> v100r006c00 Security Vulnerabilities
FusionSphere OpenStack V100R006C00 has an improper authorization vulnerability. Due to improper authorization, an attacker with low privilege may exploit this vulnerability to obtain the operation authority of some specific directory, causing privilege escalation.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-22
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-11-22
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-11-22
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
8.8
EPSS Score
0.003
Published
2017-11-22
The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
8.8
EPSS Score
0.005
Published
2017-11-22
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-11-22
FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands.
CVSS Score
8.8
EPSS Score
0.004
Published
2017-11-22
FusionSphere OpenStack V100R006C00 has an information exposure vulnerability. The software uses hard-coded cryptographic key to encrypt messages between certain components, which significantly increases the possibility that encrypted data may be recovered and results in information exposure.
CVSS Score
5.3
EPSS Score
0.001
Published
2017-11-22