Command Injection Vulnerability in Huawei FusionSphere V100R006C00SPC102
CVE-2017-8197

7.2HIGH

Key Information:

Vendor: McAfee
Status: Fusionsphere
Vendor: CVE Published:; 22 November 2017

Summary

The FusionSphere V100R006C00SPC102 product from Huawei contains a security flaw that permits an authenticated, remote attacker to exploit command injection vulnerabilities. By crafting packets containing malicious strings and sending them to the target device, the attacker could execute arbitrary system commands. This weakness poses a significant risk as it enables unauthorized control over the affected system, emphasizing the need for immediate attention to mitigate potential exploitation.

Affected Version(s)

FusionSphere V100R006C00SPC102(NFV)

References

http://www.huawei.com/en/psirt/security-advisories/huawei...

x_refsource_CONFIRM

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2017
Vulnerability Reserved
Apr 25, 2017