CVE-2017-8134

Name of the Vulnerable Software and Affected Versions FusionSphere OpenStack versions V100R006C00 through V100R006C10

Description The issue is related to a command injection vulnerability caused by insufficient input validation on four TCP listening ports. An unauthenticated attacker can exploit this to gain root privileges by sending messages with malicious commands.

Recommendations For versions V100R006C00 and V100R006C10, consider restricting access to the four TCP listening ports to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.