Vulnerability Description
In Versa Analytics, cron jobs are used to schedule tasks by executing commands at specific dates and times on the server. When a job runs as the user root, there is a potential privilege escalation vulnerability: in this case, the job runs a script as root that is writable by users who are members of the versa group.
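A check for the condition described above, as an added example that is not Versa's code or part of the original advisory: it parses system-crontab entries (the `/etc/crontab` and `/etc/cron.d` format, with a user field) and reports files that root jobs reference and that group or other users can modify. The function name and the mode-bit-only policy are assumptions of this sketch.

```python
import os
import shlex
import stat


def root_cron_writable_targets(crontab_text, run_as="root"):
    """Return (path, reason) pairs for files referenced by `run_as` cron jobs
    that are group- or world-writable. Expects system crontab format:
    five time fields (or an @keyword), then user, then command."""
    findings = []
    for line in crontab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # "@reboot user cmd" has one schedule field; normal entries have five.
        n_sched = 1 if line.startswith("@") else 5
        fields = line.split(None, n_sched + 1)
        # Skip environment assignments (PATH=..., MAILTO=...) and short lines.
        if len(fields) < n_sched + 2 or "=" in fields[0]:
            continue
        user, command = fields[n_sched], fields[n_sched + 1]
        if user != run_as:
            continue
        try:
            tokens = shlex.split(command)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            tokens = command.split()
        for tok in tokens:
            # Inspect every absolute path in the command that is a regular file.
            if not os.path.isabs(tok) or not os.path.isfile(tok):
                continue
            mode = os.stat(tok).st_mode
            if mode & stat.S_IWOTH:
                findings.append((tok, "world-writable"))
            elif mode & stat.S_IWGRP:
                findings.append((tok, "group-writable"))
    return findings


if __name__ == "__main__":
    import glob
    for tab in ["/etc/crontab"] + sorted(glob.glob("/etc/cron.d/*")):
        try:
            with open(tab) as fh:
                for path, reason in root_cron_writable_targets(fh.read()):
                    print(f"{tab}: {path} is {reason}")
        except OSError:
            pass  # unreadable or missing crontab file
```

The check looks only at the file's own mode bits, so a writable parent directory or a script sourced from inside the job needs a separate review.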
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Versa-Networks | Versa Analytics | - |
References
- https://hackerone.com/reports/1168194 (Third Party Advisory)
FAQ
What is CVE-2018-16497?
CVE-2018-16497 is a vulnerability with a CVSS score of 7.8 (HIGH). In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege esca...
How severe is CVE-2018-16497?
CVE-2018-16497 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-16497?
Check the references section above for vendor advisories and patch information. Affected products include: Versa-Networks Versa Analytics.