cve-2024-42450
Vulnerability from cvelistv5
Published
2024-11-19 17:21
Modified
2024-11-21 04:55
Severity ?
EPSS score ?
Summary
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system.
Exploitation Status:
Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.
Workarounds or Mitigation:
Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports
This vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened.
Please contact Versa Technical Support or Versa account team for any further assistance.
Software Download Links:
22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:versa:director:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "director", "vendor": "versa", "versions": [ { "lessThanOrEqual": "21.2.3", "status": "affected", "version": "21.2.2", "versionType": "semver" }, { "lessThanOrEqual": "22.1.4", "status": "affected", "version": "22.1.1", "versionType": "semver" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-42450", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-20T00:00:00+00:00", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-798", "description": "CWE-798 Use of Hard-coded Credentials", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-21T04:55:12.404Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Director", "vendor": "Versa", "versions": [ { "lessThanOrEqual": "22.1.4", "status": "affected", "version": "22.1.4", "versionType": "semver" } ] } ], "descriptions": [ { "lang": "en", "value": "The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. \n\nExploitation Status:\nVersa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.\n\nWorkarounds or Mitigation:\nStarting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports \n\nThis vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. \n\nPlease contact Versa Technical Support or Versa account team for any further assistance.\n\nSoftware Download Links:\n22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4" } ], "metrics": [ { "cvssV3_0": { "baseScore": 10, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0" } } ], "providerMetadata": { "dateUpdated": "2024-11-19T17:21:41.498Z", "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone" }, "references": [ { "url": "https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3" } ] } }, "cveMetadata": { "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "cveId": "CVE-2024-42450", "datePublished": "2024-11-19T17:21:41.498Z", "dateReserved": "2024-08-02T01:04:07.984Z", "dateUpdated": "2024-11-21T04:55:12.404Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2024-42450\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2024-11-19T18:15:20.560\",\"lastModified\":\"2024-11-19T21:56:45.533\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. \\n\\nExploitation Status:\\nVersa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.\\n\\nWorkarounds or Mitigation:\\nStarting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports \\n\\nThis vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. \\n\\nPlease contact Versa Technical Support or Versa account team for any further assistance.\\n\\nSoftware Download Links:\\n22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4\"},{\"lang\":\"es\",\"value\":\"Versa Director utiliza PostgreSQL (Postgres) para almacenar datos operativos y de configuraci\u00f3n. Tambi\u00e9n es necesario para la funci\u00f3n de alta disponibilidad de Versa Director. La configuraci\u00f3n predeterminada tiene una contrase\u00f1a com\u00fan en todas las instancias de Versa Director. De forma predeterminada, Versa Director configura Postgres para escuchar en todas las interfaces de red. Esta combinaci\u00f3n permite que un atacante no autenticado acceda y administre la base de datos o lea el contenido del sistema de archivos local para aumentar los privilegios en el sistema. Estado de explotaci\u00f3n: Versa Networks no tiene conocimiento de esta explotaci\u00f3n en ning\u00fan sistema de producci\u00f3n. Existe una prueba de concepto en el entorno de laboratorio. Soluciones alternativas o mitigaci\u00f3n: a partir de la \u00faltima versi\u00f3n 22.1.4 de Versa Director, el software restringir\u00e1 autom\u00e1ticamente el acceso a los puertos Postgres y HA solo a los Versa Directors locales y de pares. Para versiones anteriores, Versa recomienda realizar un fortalecimiento manual de los puertos HA. Consulte el siguiente enlace para conocer los pasos https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports Esta vulnerabilidad no se puede explotar en Versa Directors si se implementan las pautas de firewall publicadas. Hemos validado que ninguna de las cabeceras alojadas en Versa se haya visto afectada por esta vulnerabilidad. Todas las cabeceras alojadas en Versa est\u00e1n parcheadas y reforzadas. Comun\u00edquese con el soporte t\u00e9cnico de Versa o con el equipo de cuentas de Versa para obtener m\u00e1s ayuda. Enlaces de descarga de software: 22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}],\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-798\"}]}],\"references\":[{\"url\":\"https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3\",\"source\":\"support@hackerone.com\"}]}}" } }
Loading…
Loading…
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.