PT-2017-18174 · Huawei · Fusionsphere Openstack

Published

2017-11-22

Updated

2019-10-03

CVE-2017-8168

CVSS v3.1

4.3

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions FusionSphere OpenStack versions V100R006C00SPC102(NFV) and V100R006C10

Description The issue is related to an information leak due to an incorrect configuration item. This results in unencrypted information being transmitted by a transmission channel. An attacker with access to the internal network may be able to obtain sensitive information.

Recommendations For FusionSphere OpenStack version V100R006C00SPC102(NFV), ensure that all configuration items are correctly set to encrypt transmitted information. For FusionSphere OpenStack version V100R006C10, verify and adjust the configuration to enable encryption for all transmitted data.

Fix

Missing Encryption of Sensitive Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-311

Related Identifiers

CVE-2017-8168

Affected Products

Fusionsphere Openstack

PT-2017-18174 · Huawei · Fusionsphere Openstack

CVE-2017-8168

Weakness Enumeration

Related Identifiers

Affected Products

References · 3