32 matches found
Privilege escalation
Huawei FusionSphere OpenStack V100R006C00SPC102NFV has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation...
CVE-2017-8187
Huawei FusionSphere OpenStack V100R006C00SPC102NFV has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation...
CVE-2017-8187
CVE-2017-8187 affects Huawei FusionSphere OpenStack V100R006C00SPC102 (NFV). The root cause is improper privilege restrictions that could allow a high-privileged attacker to obtain other users’ certificates, enabling privilege escalation. The NVD reports a base CVSSv3 score of 7.2 (HIGH) with net...
CVE-2017-8187
Huawei FusionSphere OpenStack V100R006C00SPC102NFV has a privilege escalation vulnerability. Due to improper privilege restrictions, an attacker with high privilege may obtain the other users' certificates. Successful exploit may cause privilege escalation...
CVE-2017-8191
FusionSphere OpenStack V100R006C00SPC102NFVhas a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...
CVE-2017-8193
The FusionSphere OpenStack V100R006C00SPC102NFV has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands...
CVE-2017-8189
FusionSphere OpenStack V100R006C00SPC102NFVhas a path traversal vulnerability. Due to insufficient path validation, an attacker with high privilege may exploit this vulnerability to cover some files, causing services abnormal...
CVE-2017-8188
FusionSphere OpenStack V100R006C00SPC102NFVhas a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution...
CVE-2017-8191
FusionSphere OpenStack V100R006C00SPC102NFVhas a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...
CVE-2017-8195
The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message...
CVE-2017-8194
The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message...
CVE-2017-8198
FusionSphere V100R006C00SPC102NFV has an SQL injection vulnerability. An authenticated, remote attacker could craft interface messages carrying malicious SQL statements and send them to a target device. Successful exploit could allow the attacker to launch an SQL injection attack and execute SQL...
Command injection
The FusionSphere OpenStack V100R006C00SPC102NFV has a command injection vulnerability. Due to the insufficient input validation on one port, an authenticated, local attacker may exploit the vulnerability to gain root privileges by sending message with malicious commands...
Authentication flaw
The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message...
Command injection
FusionSphere V100R006C00SPC102NFV has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands...
Authentication flaw
The FusionSphere OpenStack V100R006C00SPC102NFV has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message...
Command injection
FusionSphere OpenStack V100R006C00SPC102NFVhas a command injection vulnerability. Due to lack of validation, an attacker with high privilege may inject malicious code into some module of the affected products, causing code execution...
Design/Logic Flaw
FusionSphere OpenStack V100R006C00SPC102NFVhas a week cryptographic algorithm vulnerability. Attackers may exploit the vulnerability to crack the cipher text and cause information leak on the transmission links...
CVE-2017-8195
CVE-2017-8195 affects Huawei FusionSphere OpenStack V100R006C00SPC102 (NFV). An improper authentication issue on one port allows an authenticated remote attacker to perform additional operations by sending a crafted REST message, leading to elevated access (confidentiality/integrity/availability ...
CVE-2017-8197
FusionSphere V100R006C00SPC102NFV has a command injection vulnerability. An authenticated, remote attacker could craft packets with malicious strings and send them to a target device. Successful exploit could allow the attacker to launch a command injection attack and execute system commands...