Insecure Umask in Versa Servers Allows Unauthorized File Access
CVE-2018-16494

8.8HIGH

Key Information:

Vendor: Versa-networks
Status: Versa Vos
Vendor: CVE Published:; 26 May 2021

🔔 Create Versa-networks Vulnerability Alert

What is CVE-2018-16494?

A security vulnerability exists in Versa servers due to an overly permissive umask setting. This configuration allows authorized users to potentially exploit insecure file permissions, resulting in unauthorized access to sensitive files. The vulnerability facilitates arbitrary read, write, or execution of files and directories that can be newly created, posing significant risks to the integrity and confidentiality of data managed by Versa servers. Immediate attention is advised to address the umask settings to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Versa VOS Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1

References

https://hackerone.com/reports/1168191

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Sep 4, 2018

JSON

Versa-networks

What is CVE-2018-16494?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.