Versa Networks Versa Operating System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Versa Networks Versa Operating System.
By the Year
In 2026 there have been 0 vulnerabilities in Versa Networks Versa Operating System. Versa Operating System did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 4 | 7.83 |
It may take a day or so for new Versa Operating System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Versa Networks Versa Operating System Security Vulnerabilities
In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application
CVE-2018-16495
8.8 - High
- May 26, 2021
In VOS user session identifier (authentication token) is issued to the browser prior to authentication but is not changed after the user successfully logs into the application. Failing to issue a new session ID following a successful login introduces the possibility for an attacker to set up a trap session on the device the victim is likely to login with.
Session Fixation
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions
CVE-2018-16494
8.8 - High
- May 26, 2021
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present throughout the Versa servers.
Exposure of Resource to Wrong Sphere
In Versa Director
CVE-2019-25030
- May 26, 2021
In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in thwarting password cracking. Attackers can generate and use precomputed hashes for all possible password character combinations (commonly referred to as "rainbow tables") relatively quickly. The use of adaptive hashing algorithms such asscryptorbcryptor Key-Derivation Functions (i.e.PBKDF2) to hash passwords make generation of such rainbow tables computationally infeasible.
Insufficiently Protected Credentials
In VOS compromised, an attacker at network endpoints
CVE-2018-16499
5.9 - Medium
- May 26, 2021
In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements).
Inadequate Encryption Strength
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Versa Networks Versa Operating System or by Versa Networks? Click the Watch button to subscribe.
