CVE-2018-16494

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.
References
Link Resource
https://hackerone.com/reports/1168191 Third Party Advisory
https://hackerone.com/reports/1168191 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*
cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:52

Type Values Removed Values Added
References () https://hackerone.com/reports/1168191 - Third Party Advisory () https://hackerone.com/reports/1168191 - Third Party Advisory

04 Jun 2021, 15:04

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 6.5
v3 : 8.8
References (MISC) https://hackerone.com/reports/1168191 - (MISC) https://hackerone.com/reports/1168191 - Third Party Advisory
CWE CWE-668
CPE cpe:2.3:o:versa-networks:versa_operating_system:*:*:*:*:*:*:*:*

26 May 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-05-26 19:15

Updated : 2024-11-21 03:52


NVD link : CVE-2018-16494

Mitre link : CVE-2018-16494

CVE.ORG link : CVE-2018-16494


JSON object : View

Products Affected

versa-networks

  • versa_operating_system
CWE
CWE-377

Insecure Temporary File

CWE-668

Exposure of Resource to Wrong Sphere