HIGH🇵🇱 Wersja polska

CVE-2018-16497

CVSS 7.8v3.1pub. 2021-05-26upd. 2024-11-21

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Versa Networks Versa Analytics

    APP
    Versa-Networks
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
LPE
CWE
References

Related vulnerabilities

CVE-2019-25030MEDIUM5.5ten sam produkt

In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash func...

CVE-2025-34026CRITICAL9.2⚠ KEVPL ✓ten sam vendor

Versa Concerto SD-WAN: Authentication Bypass w konfiguracji Traefik reverse proxy

CVE-2019-25029CRITICAL9.8ten sam vendor

In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on ...

CVE-2024-39717HIGH7.2⚠ KEVten sam vendor

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is...

CVE-2018-16494HIGH8.8ten sam vendor

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access ...