CVE-2017-8132

Name of the Vulnerable Software and Affected Versions FusionSphere OpenStack versions V100R006C00 through V100R006C10

Description The issue is related to a command injection vulnerability caused by insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit this to gain root privileges by sending messages with malicious commands.

Recommendations For versions V100R006C00 and V100R006C10, update to a version that includes the fix for the command injection vulnerability to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.