HIGH🇬🇧 English

CVE-2018-16497

CVSS 7.8v3.1pub. 2021-05-26upd. 2024-11-21

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Versa Networks Versa Analytics

    APP
    Versa-Networks
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
LPE
CWE
Referencje

Powiązane podatności

CVE-2019-25030MEDIUM5.5ten sam produkt

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash func...

CVE-2025-34026CRITICAL9.2⚠ KEVPL ✓ten sam vendor

Versa Concerto SD-WAN: Authentication Bypass w konfiguracji Traefik reverse proxy

CVE-2019-25029CRITICAL9.8ten sam vendor

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on ...

CVE-2024-39717HIGH7.2⚠ KEVten sam vendor

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is...

CVE-2018-16494HIGH8.8ten sam vendor

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access ...