CVE-2024-45208

{"id": "CVE-2024-45208", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "support@hackerone.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2025-06-19T00:15:21.097", "references": [{"url": "https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566", "source": "support@hackerone.com"}, {"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718", "source": "support@hackerone.com"}, {"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3", "source": "support@hackerone.com"}, {"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2", "source": "support@hackerone.com"}, {"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3", "source": "support@hackerone.com"}, {"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4", "source": "support@hackerone.com"}, {"url": "https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation", "source": "support@hackerone.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide.\r\n\r\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers."}, {"lang": "es", "value": "La plataforma de orquestaci\u00f3n SD-WAN Versa Director utiliza el servicio de aplicaciones Cisco NCS. Los directores activos y en espera se comunican a trav\u00e9s de los puertos TCP 4566 y 4570 para intercambiar informaci\u00f3n de alta disponibilidad (HA) mediante una contrase\u00f1a compartida. Las versiones afectadas de Versa Director est\u00e1n vinculadas a estos puertos en todas las interfaces. Un atacante que acceda a Versa Director podr\u00eda acceder al servicio NCS en el puerto 4566 y explotarlo para realizar acciones administrativas no autorizadas y ejecutar c\u00f3digo remoto. Se recomienda a los clientes seguir la gu\u00eda de refuerzo. Versa Networks no tiene constancia de ning\u00fan caso reportado de explotaci\u00f3n de esta vulnerabilidad. Investigadores de seguridad externos han publicado una prueba de concepto de esta vulnerabilidad."}], "lastModified": "2025-06-23T20:16:59.783", "sourceIdentifier": "support@hackerone.com"}