Privilege escalation in Versa-networks Versa_analytics
CVE-2018-16497
In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the…
Vulnerability class: Privilege Escalation
EPSS: 0.002 (13.5th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Versa-networks Versa_analytics
- N/a Versa Analytics — versions Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1
Weakness classification (CWE)
References
- support@hackerone.com (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2018-16497?
- CVE-2018-16497 is a high-severity vulnerability in Versa-networks Versa_analytics, classified under Improper Privilege Management. CVSS score: 7.8/10. Published 2021-05-26.
- How severe is CVE-2018-16497?
- High severity. CVSS v3 base score is 7.8 out of 10.