CVE-2018-16497

Published: May 26, 2021Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.

Affected (1)

Products: Versa Networks: Versa Analytics

1 product

Versa Analytics

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Versa Networks Versa Analytics	All versions

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

https://hackerone.com/reports/1168194

Source: support@hackerone.com

Third Party Advisory

https://hackerone.com/reports/1168194

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.