TROYANOSYVIRUS
Zuruck zu CVEs

CVE-2024-45208

CRITICAL
9.8

Beschreibung

The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

CVE Details

CVSS v3.1 Bewertung9.8
SchweregradCRITICAL
CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AngriffsvektorNETWORK
KomplexitatLOW
Erforderliche PrivilegienNONE
BenutzerinteraktionNONE
Veroffentlicht6/19/2025
Zuletzt geandert6/23/2025
Quellenvd
Honeypot-Sichtungen0

Schwachen (CWE)

CWE-284

Referenzen

https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566(support@hackerone.com)
https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718(support@hackerone.com)
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3(support@hackerone.com)
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2(support@hackerone.com)
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3(support@hackerone.com)
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4(support@hackerone.com)
https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation(support@hackerone.com)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.