Vulnerability in Versa-networks Versa_analytics
CVE-2019-25030
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5…
EPSS: 0.002 (11.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 5.5 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.
Affected products
- Versa-networks Versa_analytics
- Versa-networks Versa_director
- Versa-networks Versa_operating_system
- N/a Versa Director, Analytics, Vos — versions Fixed Versions: 16.1R2S11, 20.2.2, 21.1.1, 21.2.1
Weakness classification (CWE)
Public proof-of-concept exploits
References
- support@hackerone.com (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2019-25030?
- CVE-2019-25030 is a medium-severity vulnerability in Versa-networks Versa_analytics, classified under Insufficiently Protected Credentials. CVSS score: 5.5/10. Published 2021-05-26.
- How severe is CVE-2019-25030?
- Medium severity. CVSS v3 base score is 5.5 out of 10.
- Is CVE-2019-25030 known to be exploited?
- 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.