CVE-2025-34026
HIGH | CISA KEV | 7.5
Description
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/21/2025
Last modified: 1/23/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Versa
Product: Concerto
Vulnerability name: Versa Concerto Improper Authentication Vulnerability
KEV date added: 2026-01-22
Remediation due date: 2026-02-12
Ransomware use: Unknown
Affected products
versa-networks:concerto
Weaknesses (CWE)
CWE-288
References
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce (disclosure@vulncheck.com)
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.