HIGH🇵🇱 Wersja polska

CVE-2018-16494

CVSS 8.8v3.1pub. 2021-05-26upd. 2024-11-21

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Versa Networks Versa Operating System

    OS
    Versa-Networks
    < 16.1r2s1120.2.0 – 20.2.2 (bez)21.1.0 – 21.1.1 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2018-16495HIGH8.8ten sam produkt

In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is ...

CVE-2018-16499MEDIUM5.9ten sam produkt

In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting ...

CVE-2019-25030MEDIUM5.5ten sam produkt

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash func...

CVE-2025-34026CRITICAL9.2⚠ KEVPL ✓ten sam vendor

Versa Concerto SD-WAN: Authentication Bypass w konfiguracji Traefik reverse proxy

CVE-2019-25029CRITICAL9.8ten sam vendor

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on ...