21.1.0

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

versa-networks

CWE-668

NVD

Published: 2021-05-26

Updated: 2021-06-04

Summary

In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.

Vulnerable Configurations

Part	Description	Count
OS	Versa-Networks Versa Networks Versa Operating System - Versa Networks Versa Operating System 20.2.0 Versa Networks Versa Operating System 21.1.0	3

Common Weakness Enumeration (CWE)

CWE-668 - Exposure of Resource to Wrong Sphere

References

https://hackerone.com/reports/1168191