Versa Director Flaw Leads to API Exploit, Affects SD-WAN Customers-web3.0-php.cn

Home

web3.0

Versa Director Flaw Leads to API Exploit, Affects SD-WAN Customers

Patricia Arquette

Sep 25, 2024 am 09:13 AM

Token TheftVersa Director API Attacks

Vulnerabilities in Versa Director are never a small matter, as the platform manages network configurations for Versa's SD-WAN software

Versa Director Flaw Leads to API Exploit, Affects SD-WAN Customers

A vulnerability in Versa Networks’ Versa Director, used by internet service providers (ISPs) and managed service providers (MSPs) to manage network configurations for Versa’s SD-WAN software, has been disclosed by the Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability, tracked as CVE-2024-45229, is rated 6.6 in severity and affects five versions of the software.

Organizations using vulnerable versions are advised to take immediate action to protect their networks by upgrading to a newer version. The advisory follows a high-severity vulnerability last month, CVE-2024-39717, which was used to attack downstream customers in a supply chain attack.

Cyble’s ODIN scanner currently shows 73 internet-exposed Versa Director instances, though it is not clear how many of them contain the latest vulnerability.

Versa Director Flaw Leads to API Exploit

Versa Director’s REST APIs are designed to facilitate automation and streamline operations through a unified interface, enabling IT teams to configure and monitor their network systems more efficiently. However, a flaw in the implementation of these APIs allows for improper input validation, Cyble threat intelligence researchers explained in a blog post.

The APIs in question are designed to not require authentication by default, making them accessible to anyone with network connectivity. An attacker could exploit this vulnerability by sending a specially crafted GET request to a Versa Director instance that is directly connected to the internet.

“For Versa Directors connected directly to the Internet, attackers could potentially exploit this vulnerability by injecting invalid arguments into a GET request,” Cyble said. “This could expose authentication tokens of currently logged-in users, which can then be used to access additional APIs on port 9183.”

While the exploit itself does not reveal user credentials, “the implications of token exposure could lead to broader security breaches.”

“The exposure of these tokens can allow attackers to access additional APIs,” Cyble said. “Such unauthorized access could facilitate broader security breaches, potentially impacting sensitive data and operational integrity.”

Versa suggests that a web application firewall (WAF) or API gateway could be used to protect internet-exposed Versa Director instances by blocking access to the URLs of the vulnerable APIs (/vnms/devicereg/device/* on ports 9182 and 9183 and /versa/vnms/devicereg/device/* on port 443).

Affected Versa Director Versions

The vulnerability affects multiple versions of Versa Director, specifically those released before Sept. 9, 2024. This includes versions 22.1.4, 22.1.3, and 22.1.2, as well as all versions of 22.1.1, 21.2.3, and 21.2.2.

Versions released on Sept. 12 and later contain a hot fix for the vulnerability.

The flaw primarily stems from APIs that, by design, do not require authentication. These include interfaces for logging in, displaying banners, and registering devices.

Cyble Recommendations

Cyble researchers recommend the following mitigations and best practices for protecting Versa Director instances:

The above is the detailed content of Versa Director Flaw Leads to API Exploit, Affects SD-WAN Customers. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Qubetics ($TICS): The Revolutionizing AI CryptoMar 23, 2025 am 10:08 AM

Cryptocurrency has always been a realm where the cutting edge of technology meets bold ambition, and it's only getting more exciting in the future. As artificial intelligence continues to grow in influence, there are a handful of digital assets that

Bitcoin historical price list 2015-2025 Bitcoin price trend charts in the past decadeMar 12, 2025 pm 06:54 PM

This article reviews the ten-year price trend of Bitcoin from 2015 to 2025 in detail. Data shows that Bitcoin price fluctuates dramatically, experiencing huge changes from $200 to over $100,000. During this period, the price of Bitcoin was affected by a variety of factors, including halving of block rewards, market sentiment, regulatory policies, and global macroeconomic situation. The article analyzes the rise and fall of Bitcoin prices year by year, and focuses on interpreting the price changes in key years, providing a reference for investors to understand the history of Bitcoin prices and predict future trends. Keywords: Bitcoin price, Bitcoin trend, Bitcoin decade, digital currency, cryptocurrency

Bitcoin [BTC] was on a downtrend after losing the $92,000-support level in the final week of FebruaryMar 16, 2025 am 10:10 AM

Technical indicators such as the OBV showed that selling pressure has been dominant, meaning more losses may be likely ahead.

Top 10 Free Virtual Currency Exchanges Rankings The latest top ten virtual currency APP trading platformsMar 11, 2025 am 10:18 AM

The top ten free virtual currency exchanges are ranked: 1. OKX; 2. Binance; 3. Gate.io; 4. Huobi Global; 5. Kraken; 6. Coinbase; 7. KuCoin; 8. Crypto.com; 9. MEXC Global; 10. Bitfinex. These platforms each have their own advantages.

Ethereum historical price trend chart 2015-2024 Ethereum k-line chart ten years trend trendMar 12, 2025 pm 06:57 PM

This article reviews the price trend of Ethereum since its listing in 2015, from the initial $0.31, it experienced a surge in 2017 to nearly $1,400, as well as a market plunge in 2018 and 2022, and then hit a record high of $4,891.70 in 2021, as well as a rebound and stability in 2023. The article data covers the significant changes in Ethereum prices over each year and predicts price trends for 2024-2025, providing investors with a comprehensive historical reference and future outlook for Ethereum prices. Understand the history of Ethereum price fluctuations and seize investment opportunities!

Top 10 digital currency app platforms rankings Virtual currency exchange latest rankings in 2025Mar 13, 2025 pm 06:45 PM

Top 10 digital currency app platforms: 1. OKX, 2. Binance, 3. Gate.io, 4. Kraken, 5. Coinbase, 6. Huobi, 7. KuCoin, 8. Crypto.com, 9. Bitfinex, 10. Gemini; these platforms are ranked according to factors such as transaction volume, security and user experience. When choosing, the platform's security, liquidity, transaction fees, currency selection, user interface and customer support should be considered.

Cyber criminals were able to steal cryptocurrency worth 1.5 billion US dollarsMar 16, 2025 am 11:12 AM

Since then, the provider has been investigating how this could have happened and how it will (hopefully) not happen again in the future.

BTFD Coin: The Presale That's Breaking RecordsMar 14, 2025 pm 03:15 PM

Ever wonder which meme coin could turn your small investment into life-changing gains? With the meme coin market heating up in 2025, investors are diving into fresh opportunities, hoping to catch the next big wave before prices skyrocket.