CVE-2025-34026
HIGH | CISA KEV | 7.5
Description
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
CVE details
CVSS v3.1 score: 7.5
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 5/21/2025
Last modified: 1/23/2026
Source: kev
Honeypot sightings: 0
CISA KEV
Vendor: Versa
Product: Concerto
Vulnerability name: Versa Concerto Improper Authentication Vulnerability
KEV date added: 2026-01-22
Remediation due date: 2026-02-12
Ransomware use: Unknown
Affected products
versa-networks:concerto
Weaknesses (CWE)
CWE-288
References
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce (disclosure@vulncheck.com)
https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e (134c704f-9b21-4f2e-91b3-4a467353bcc0)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2025-34026 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.