Lucene search

[email protected]NVD:CVE-2018-16497

HistoryMay 26, 2021 - 7:15 p.m.

CVE-2018-16497

2021-05-2619:15:08

CWE-269

[email protected]

web.nvd.nist.gov

versa analytics

cron jobs

privilege escalation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.

Affected configurations

Nvd

Node

versa-networksversa_analyticsMatch-

VendorProductVersionCPE
versa-networksversa_analytics-cpe:2.3:a:versa-networks:versa_analytics:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
versa-networks	versa_analytics	-	cpe:2.3:a:versa-networks:versa_analytics:-:::::::*

References

hackerone.com/reports/1168194

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

Percentile

12.6%

JSON

Related for NVD:CVE-2018-16497

cvelist1 prion1 hackerone1 cve1