CVE-2018-16494
CVE-2018-16494 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. In VOS, an overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers. EPSS estimates a 1.92% chance of exploitation in the next 30 days.
Description
In VOS, an overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Versa-Networks | Versa Operating System | < 16.1r2s11 |
| Versa-Networks | Versa Operating System | >= 20.2.0, < 20.2.2 |
| Versa-Networks | Versa Operating System | >= 21.1.0, < 21.1.1 |
References
- https://hackerone.com/reports/1168191 (Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
