Insecure Umask in Versa Servers Allows Unauthorized File Access
CVE-2018-16494

8.8HIGH

Key Information:

Vendor: Versa-networks
Status: Versa Vos
Vendor: CVE Published:; 26 May 2021

🔔 Create Versa-networks Vulnerability Alert

What is CVE-2018-16494?

A security vulnerability exists in Versa servers due to an overly permissive umask setting. This configuration allows authorized users to potentially exploit insecure file permissions, resulting in unauthorized access to sensitive files. The vulnerability facilitates arbitrary read, write, or execution of files and directories that can be newly created, posing significant risks to the integrity and confidentiality of data managed by Versa servers. Immediate attention is advised to address the umask settings to safeguard against potential exploits.

Affected Version(s)

Versa VOS Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1

References

https://hackerone.com/reports/1168191

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Sep 4, 2018

JSON