CVE-2017-8158
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
FusionCompute V100R005C00 and V100R005C10 have an improper authorization vulnerability due to improper permission settings for a certain file on the host machine. An authenticated attacker could create a large number of virtual machine (VM) processes to exhaust system resources. Successful exploit could make new VMs unavailable.
FusionCompute V100R005C00 y V100R005C10 tiene una vulnerabilidad de autorización incorrecta debido a una configuración de permisos incorrecta para un archivo determinado en la máquina host. Un atacante autenticado podría crear un gran número de procesos de máquina virtual para agotar los recursos del sistema. Un exploit exitoso podría hacer que las nuevas máquinas virtuales no estén disponibles.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-04-25 CVE Reserved
- 2017-11-22 CVE Published
- 2023-03-08 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-732: Incorrect Permission Assignment for Critical Resource
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://www.huawei.com/en/psirt/security-advisories/2017/huawei-sa-20170927-01-dos-en | 2019-10-03 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Huawei Search vendor "Huawei" | Fusioncompute Search vendor "Huawei" for product "Fusioncompute" | v100r005c00 Search vendor "Huawei" for product "Fusioncompute" and version "v100r005c00" | - |
Affected
| ||||||
Huawei Search vendor "Huawei" | Fusioncompute Search vendor "Huawei" for product "Fusioncompute" | v100r005c10 Search vendor "Huawei" for product "Fusioncompute" and version "v100r005c10" | - |
Affected
|