Privilege Escalation Vulnerability in Versa Analytics by Versa Networks
CVE-2018-16497

7.8 HIGH

Key Information:

Vendor
CVE Published: 26 May 2021

What is CVE-2018-16497?

Versa Analytics uses cron jobs to execute scheduled tasks on the server. When these jobs run as the root user, the scripts they execute can be modified by users in the versa group, which creates a privilege escalation risk: a user in that group might gain higher privileges and execute commands that compromise the integrity of the system.
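A defender can check a host for this class of weakness by listing the files that root cron jobs execute and testing whether anyone other than root can modify them. The audit below is an added example, not Versa's code; the function names, the `trusted_uid` parameter and the sample crontab are assumptions, and it reads only system-crontab lines (five time fields, a user, a command).

```python
import os
import stat
import tempfile

def risky_targets(crontab_text, trusted_uid=0):
    """Return (path, reason) for files run by root cron jobs that others can modify."""
    findings = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 6)  # 5 time fields, user, command
        if len(fields) < 7 or fields[5] != "root":
            continue  # env assignments, @-shortcuts and non-root jobs are skipped
        for token in fields[6].split():
            if not os.path.isabs(token) or not os.path.isfile(token):
                continue
            # Write access to the file or to its directory lets a user replace the script.
            for path in (token, os.path.dirname(token)):
                st = os.stat(path)
                if st.st_uid != trusted_uid:
                    findings.append((path, "owner uid %d" % st.st_uid))
                if st.st_mode & stat.S_IWGRP:
                    findings.append((path, "writable by gid %d" % st.st_gid))
                if st.st_mode & stat.S_IWOTH:
                    findings.append((path, "world-writable"))
    return findings

def demo():
    """Constructed sample: one group-writable script, one owner-only-writable script."""
    d = tempfile.mkdtemp()
    os.chmod(d, 0o755)
    weak, ok = os.path.join(d, "weak.sh"), os.path.join(d, "ok.sh")
    for path, mode in ((weak, 0o775), (ok, 0o755)):
        with open(path, "w") as f:
            f.write("#!/bin/sh\n")
        os.chmod(path, mode)
    crontab = (
        "# constructed sample crontab\n"
        "*/5 * * * * root %s --run\n"
        "0 1 * * * root %s\n"
        "0 2 * * * nobody %s\n" % (weak, ok, weak)
    )
    # The demo files belong to the current user, so treat that uid as trusted here.
    return weak, risky_targets(crontab, trusted_uid=os.getuid())

if __name__ == "__main__":
    for path, reason in demo()[1]:
        print(path, reason)
```

On a real host, pass the contents of the system crontab files with the default `trusted_uid=0`; any finding is a file or directory to re-own to root and strip of group and world write permission.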

Affected Version(s)

Versa Analytics Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
