CVE-2017-8131

Name of the Vulnerable Software and Affected Versions FusionSphere OpenStack versions V100R006C00 through V100R006C10

Description The issue is related to a command injection vulnerability caused by insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit this to gain root privileges by sending messages with malicious commands.

Recommendations For versions V100R006C00 and V100R006C10, consider restricting access to the four TCP listening ports as a temporary workaround until a patch is available. Additionally, ensure proper input validation is in place to prevent command injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.