CVE-2017-7999
CVE-2017-7999 is a medium-severity vulnerability in Eucalyptus with a CVSS 3.x base score of 6.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low.
Key facts
- Severity: Medium (CVSS 3.x base score 6.5)
- CVSS v2: 3.5
- EPSS exploit prediction: 1% (59th percentile)
- Actively exploited: Not listed in CISA KEV
- Affected product: Eucalyptus
- Published:
- Last modified:
Description
Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.
Frequently asked questions
- What is CVE-2017-7999?
- Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote authenticated users with certain privileges to cause a denial of service (E2 service outage) via unspecified vectors.
- How severe is CVE-2017-7999?
- CVE-2017-7999 has a CVSS 3.x base score of 6.5, rated medium severity. It is exploitable over network with low attack complexity, requires low privileges and no user interaction. Impact on confidentiality is none, integrity none, and availability high.
- Is CVE-2017-7999 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 1% (59th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2017-7999?
- CVE-2017-7999 primarily affects Eucalyptus. In total, 6 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2017-7999?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2017-7999 published?
- CVE-2017-7999 was published on 2017-06-01 and last updated on 2026-06-17.
References
Affected products (6)
- cpe:2.3:a:eucalyptus:eucalyptus:4.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:eucalyptus:eucalyptus:4.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:eucalyptus:eucalyptus:4.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:eucalyptus:eucalyptus:4.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:eucalyptus:eucalyptus:4.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:eucalyptus:eucalyptus:4.4.0:*:*:*:*:*:*:*
More vulnerabilities in Eucalyptus
- CVE-2013-4767 — Critical (CVSS 10.0): Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
- CVE-2016-8528 — High (CVSS 8.8): A Remote Escalation of Privilege vulnerability in HPE Helion Eucalyptus version 3.3.0 through 4.3.1 was found.
- CVE-2016-8520 — High (CVSS 8.8): HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM user's permissions for accessing versioned…
- CVE-2015-6861 — High (CVSS 7.5): HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated users to bypass an intended AssumeRole permission…
- CVE-2012-3241 — High (CVSS 7.5): The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not properly authenticate SOAP requests, which allows…
- CVE-2012-3240 — High (CVSS 7.5): The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows remote attackers to gain administrator privileges…