Versa Networks Exposes Critical API Vulnerability in Versa Director (CVE-2024-45229)

Versa Networks has issued a security advisory regarding a vulnerability discovered in its Versa Director product, CVE-2024-45229. This vulnerability, which carries a CVSS score of 6.6, could potentially expose sensitive user authentication tokens, placing enterprise networks at risk.

Versa Director is an orchestration and management platform that is commonly used to control and configure network services through REST APIs. Certain APIs, such as those serving the login screen, banners, and device registration, are intentionally reachable without authentication, and a flaw has been discovered that could allow attackers to abuse one of these unauthenticated APIs.

This specific vulnerability arises from the ability to inject invalid arguments into a GET request sent to a Versa Director that is directly exposed to the Internet. Exploiting the flaw would give attackers access to the authentication tokens of currently logged-in users. These tokens can then be leveraged to call additional APIs on port 9183, further compromising the system.

However, the CVE-2024-45229 vulnerability does not expose user credentials such as usernames or passwords, which slightly limits its impact.

The vulnerability affects several versions of Versa Director, particularly images released before September 9, 2024. Versa has promptly issued hotfixes to mitigate the issue for affected versions. The following versions are impacted:

  • 22.1.4, 22.1.3, and 22.1.2: Images released before September 9, 2024
  • 21.2.3 and 21.2.2: Similarly impacted by older images before the September 9 cut-off

Versa has recommended immediate upgrades to the following patched versions:

For users of older versions such as 21.2.2 and 22.1.1, Versa strongly urges upgrading to version 21.2.3 or 22.1.3, respectively.

While no incidents of this vulnerability being exploited in live production environments have been reported, Versa Networks has acknowledged the existence of a proof-of-concept in lab settings. This proof-of-concept demonstrates the feasibility of the attack but does not yet indicate widespread exploitation in real-world environments.

Unfortunately, Versa Director does not currently provide any direct workarounds for this vulnerability. However, administrators can employ Web Application Firewalls (WAFs) or API Gateways to block access to the vulnerable API endpoints as a temporary measure. The following endpoints should be closely monitored and restricted:

  • /vnms/devicereg/device/* (ports 9182 & 9183)
  • /versa/vnms/devicereg/device/* (port 443)

Most crucially, Versa urges all users to upgrade to the patched versions of the software to avoid exposure.
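While a WAF rule or the hotfix is being rolled out, it helps to know whether the endpoints listed above are already being requested. The following is an added example, not code from Versa or the advisory: a small scanner over access-log lines (the log layout and sample lines are constructed for illustration) that canonicalises the request path before comparing it against the advisory's endpoint prefixes, so a dot segment or query string does not hide a hit.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Endpoint prefixes named in the advisory's mitigation section
# (served on ports 9182/9183 and, under /versa/, on port 443)
WATCHED_PREFIXES = ("/vnms/devicereg/device/", "/versa/vnms/devicereg/device/")

# Constructed log line layout: "<client> <dst_port> <method> <request-target> <status>"
LOG_RE = re.compile(
    r"^(?P<client>\S+) (?P<port>\d+) (?P<method>[A-Z]+) (?P<target>\S+) (?P<status>\d{3})$"
)

# Constructed sample lines; not real traffic
SAMPLE_LOG = [
    "203.0.113.5 9183 GET /vnms/devicereg/device/status?x=1 200",
    "203.0.113.5 443 GET /versa/vnms/devicereg/device/list 200",
    "198.51.100.7 9182 GET /vnms/./devicereg/device/x 200",
    "192.0.2.9 443 GET /versa/login 200",
    "not a log line",
]


def canonical_path(target):
    """Drop the query string, percent-decode and collapse dot segments so the
    comparison is made against the path the backend would actually route."""
    path = normpath(unquote(target.split("?", 1)[0]))
    # normpath strips a trailing slash; restore it so prefix tests are uniform
    return path if path.endswith("/") else path + "/"


def is_watched(target):
    """True if the request target falls under one of the advisory's endpoints."""
    return canonical_path(target).startswith(WATCHED_PREFIXES)


def scan(lines):
    """Return (client, port, method, canonical_path) for each matching request;
    lines that do not fit the expected layout are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m and is_watched(m["target"]):
            hits.append((m["client"], int(m["port"]), m["method"], canonical_path(m["target"])))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("watched endpoint hit:", hit)
```

Hits on port 443 under the /versa/ prefix and on 9182/9183 under /vnms/ are both reported with their port, so the output can be matched against whichever listener the WAF or API gateway rule covers.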