9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
53.3%
There is an incorrect authorization vulnerability in Huawei FusionSphere. An authenticated attacker could execute commands that he/she should have had no permission to perform, thereby querying, modifying, and deleting certain service data and making the service unavailable. (Vulnerability ID: HWPSIRT-2017-06166)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8196.
There is a command injection vulnerability in Huawei FusionSphere due to insufficient input validation. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands. (Vulnerability ID: HWPSIRT-2017-06167)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8197.
There is an SQL injection vulnerability in Huawei FusionSphere due to the insufficient input validation. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL commands. (Vulnerability ID: HWPSIRT-2017-06168)
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-8198.
Huawei has released software updates to fix these vulnerabilities. This advisory is available at the following link:
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170913-01-fusionsphere-en
CPE | Name | Operator | Version |
---|---|---|---|
fusionsphere | eq | V100R006C00SPC102 |
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
53.3%