CVE-2018-16494
26.05.2021, 19:15
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.Enginsight
| Vendor | Product | Version |
|---|---|---|
| versa-networks | versa_operating_system | 𝑥 < 16.1r2s11 |
| versa-networks | versa_operating_system | 20.2.0 ≤ 𝑥 < 20.2.2 |
| versa-networks | versa_operating_system | 21.1.0 ≤ 𝑥 < 21.1.1 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-377 - Insecure Temporary FileCreating and using insecure temporary files can leave application and system data vulnerable to attack.
- CWE-668 - Exposure of Resource to Wrong SphereThe product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.