CVE-2018-16494

HIGH

Versa-networks Versa Operating System - Exposure to Wrong Actor

Title source: rule

Description

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.

References (1)

[Third Party Advisory] https://hackerone.com/reports/1168191

Scores

CVSS v3 8.8

EPSS 0.0083

EPSS Percentile 74.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-377 CWE-668

Status published

Affected Products (1)

versa-networks/versa_operating_system < 16.1r2s11

Timeline

Published May 26, 2021

Tracked Since Feb 18, 2026