CVE-2017-8168

CVE-2017-8168 affects Huawei FusionSphere OpenStack (FusionSphere OpenStack) with software V100R006C00SPC102(NFV) and V100R006C10. The root cause is an incorrect configuration item that leaves information transmitted over a channel unencrypted, allowing an attacker with internal-network access to...

CVE-2017-8194

The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message...

CVE-2017-8191

FusionSphere OpenStack V100R006C00SPC102NFVhas a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...

CVE-2017-2719

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands...

CVE-2017-8134

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with...

CVE-2017-8191

The CVE-2017-8191 entry affects FusionSphere OpenStack (FusionSphere OpenStack V100R006C00SPC102 NFV). Description confirms a weak/cryptographic algorithm vulnerability that can allow attackers to crack ciphertext and cause information leakage on transmission links (impact: confidentiality). The ...

CVE-2017-8135

CVE-2017-8135 affects Huawei FusionSphere/OpenStack (V100R006C00/C10). The root cause is insufficient input validation on four TCP listening ports, enabling an unauthenticated attacker to inject commands and gain root privileges. The vulnerability is documented across multiple sources (NVD, CVE l...

CVE-2017-8132

CVE-2017-8132 affects Huawei FusionSphere OpenStack (software versions V100R006C00 and V100R006C10). The vulnerability is a command injection due to insufficient input validation on four TCP listening ports, allowing an unauthenticated attacker to gain root privileges by sending malicious command...

CVE-2017-8131

The FusionSphere OpenStack with software V100R006C00 and V100R006C10 has a command injection vulnerability due to the insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit the vulnerabilities to gain root privileges by sending some messages with...

CVE-2017-2718

FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 has two command injection vulnerabilities due to the insufficient input validation on one port. An attacker can exploit the vulnerabilities to gain root privileges by sending some messages with malicious commands...

CVE-2017-8190

FusionSphere OpenStack V100R006C00SPC102NFVhas an improper verification of cryptographic signature vulnerability. The software does not verify the cryptographic signature. An attacker with high privilege may exploit this vulnerability to inject malicious software...

CVE-2017-8188

CVE-2017-8188 affects Huawei FusionSphere/OpenStack (FusionSphere OpenStack V100R006C00SPC102(NFV)). The vulnerability is a command injection caused by insufficient input validation, enabling a high-privilege attacker to inject code and achieve code execution in affected modules. Exploitation det...

CVE-2017-8131

The CVE-2017-8131 entry applies to FusionSphere OpenStack (software versions V100R006C00/V100R006C10). It describes a command injection vulnerability caused by insufficient input validation on four TCP listening ports, allowing an unauthenticated attacker to execute commands and gain root privile...

CVE-2017-8189

FusionSphere OpenStack V100R006C00SPC102NFVhas a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal...

CVE-2017-8188

FusionSphere OpenStack V100R006C00SPC102NFVhas a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution...

CVE-2017-8195

CVE-2017-8195 affects Huawei FusionSphere OpenStack V100R006C00SPC102 (NFV). An improper authentication issue on one port allows an authenticated remote attacker to perform additional operations by sending a crafted REST message, leading to elevated access (confidentiality/integrity/availability ...

CVE-2017-8189

CVE-2017-8189 is a path traversal vulnerability in Huawei FusionSphere OpenStack, affecting FusionSphere OpenStack V100R006C00SPC102 (NFV). Root cause: insufficient path validation. A high-privilege attacker could traverse paths and overwrite/cover files, leading to service disruption (as per Hua...

CVE-2017-8190

CVE-2017-8190 is reported for FusionSphere OpenStack (V100R006C00SPC102 NFV) with an improper verification of cryptographic signatures. The underlying issue is that the software does not verify the cryptographic signature, enabling a high-privilege attacker to inject malicious software. The NVD e...

CVE-2017-8195

The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message...

CVE-2017-2720

The CVE-2017-2720 issue affects Huawei FusionSphere OpenStack V100R006C00, where an information-exposure vulnerability stems from a hard-coded cryptographic key used to encrypt inter-component messages. This design flaw can increase the risk of encrypted data being recovered. Huawei’s Security Ad...