Vulnerability Details : CVE-2018-16498
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.
Exploit prediction scoring system (EPSS) score for CVE-2018-16498
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 10 %
CVSS scores for CVE-2018-16498
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N | 3.9 | 2.9 | NIST |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N | 1.8 | 3.6 | NIST |
CWE ids for CVE-2018-16498
- The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
  Assigned by:
  - nvd@nist.gov (Primary)
  - support@hackerone.com (Secondary)
References for CVE-2018-16498
- https://hackerone.com/reports/1168195
  #1168195 Plaintext Credentials in Backups & Configs (Third Party Advisory)
Products affected by CVE-2018-16498
- cpe:2.3:a:versa-networks:versa_director:-:*:*:*:*:*:*:*