21.1.0

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

versa-networks

CWE-668

NVD

Published: 2021-05-26

Updated: 2021-06-04

Summary

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.

Vulnerable Configurations

Part	Description	Count
OS	Versa-Networks Versa Networks Versa Operating System 21.1.0 Versa Networks Versa Operating System 20.2.0 Versa Networks Versa Operating System -	3

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://hackerone.com/reports/1168191