Man-in-the-Middle Vulnerability in VOS by Vendor Name
CVE-2018-16499

5.9MEDIUM

Key Information:

Vendor: Versa-networks
Status: Versa Vos
Vendor: CVE Published:; 26 May 2021

🔔 Create Versa-networks Vulnerability Alert

What is CVE-2018-16499?

In VOS, attackers can exploit vulnerabilities at network endpoints to intercept and view communications between users and services. This occurs through man-in-the-middle attacks, where unauthorized access can lead to compromised sensitive data. The use of unapproved SSH encryption protocols and cipher suites exacerbates the issue, as it contradicts established Data Protection Technical Security Requirements (TSR), creating potential security risks for users.

Affected Version(s)

Versa VOS Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1

References

https://hackerone.com/reports/1168196

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 26, 2021
Vulnerability Reserved
Sep 4, 2018

JSON