CVE-2018-16494
 
Severity Score: 8.8 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
In VOS, an overly permissive "umask" may allow authorized users of the server to gain unauthorized access through insecure file permissions, which can result in arbitrary read, write, or execution of newly created files and directories. The insecure umask setting was present throughout the Versa servers.
*Credits:
N/A
Timeline
- 2018-09-04 CVE Reserved
- 2021-05-26 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-05 CVE Updated
CWE
- CWE-377: Insecure Temporary File
- CWE-668: Exposure of Resource to Wrong Sphere
References (1)
URL | Tag | Source |
---|---|---|
https://hackerone.com/reports/1168191 | Third Party Advisory |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Versa-networks | Versa Operating System | < 16.1r2s11 | - | Affected |
Versa-networks | Versa Operating System | >= 20.2.0 < 20.2.2 | - | Affected |
Versa-networks | Versa Operating System | >= 21.1.0 < 21.1.1 | - | Affected |