CVE-2018-16497
First published: Wed May 26 2021(Updated: )
In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who are members of the versa group.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Versa Networks Versa Analytics |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-16497?
CVE-2018-16497 is a high severity privilege escalation vulnerability.
How do I fix CVE-2018-16497?
To fix CVE-2018-16497, ensure that cron jobs are not run as the root user and restrict write access to sensitive scripts.
What software is affected by CVE-2018-16497?
CVE-2018-16497 affects Versa Networks' Versa Analytics software.
Can users exploit CVE-2018-16497?
Yes, users with write access to the script can potentially exploit CVE-2018-16497 to gain root privileges.
Is there a workaround for CVE-2018-16497?
A workaround for CVE-2018-16497 includes removing write permissions for non-privileged users on the scripts executed by cron jobs.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/versa-networks
- canonical/versa networks versa analytics