Versa-Networks: >> Versa Operating System >> 20.2.0 Security Vulnerabilities
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.
CVSS Score
8.8
EPSS Score
0.008
Published
2021-05-26
In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.
CVSS Score
8.8
EPSS Score
0.003
Published
2021-05-26