Vulnerability Details : CVE-2017-8195
The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper authentication vulnerability. Due to improper authentication on one port, an authenticated, remote attacker may exploit the vulnerability to execute more operations by send a crafted rest message.
Vulnerability category: BypassGain privilege
Products affected by CVE-2017-8195
- cpe:2.3:o:huawei:fusionsphere_openstack:v100r006c00spc102\(nfv\):*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2017-8195
0.25%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 63 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2017-8195
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST |
CWE ids for CVE-2017-8195
-
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.Assigned by: nvd@nist.gov (Primary)
References for CVE-2017-8195
-
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20170830-01-OpenStack-en
Security Advisory - Two Vulnerabilities in The FusionSphere OpenStackVendor Advisory
Jump to