cve-2024-45229
Vulnerability from cvelistv5
Published: 2024-09-20 18:09
Modified: 2024-09-20 18:53
Summary
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information.

Currently, there are no workarounds in Versa Director. However, if a Web Application Firewall (WAF) or API Gateway is fronting the Versa Director, it can be used to block access to the URLs of the vulnerable API: /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet. We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or the Versa account team for any further assistance.
Impacted products
Vendor Product Version


{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:versa:director:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "director",
            "vendor": "versa",
            "versions": [
              {
                "status": "affected",
                "version": "22.1.4"
              },
              {
                "status": "affected",
                "version": "22.1.3"
              },
              {
                "status": "affected",
                "version": "22.1.2"
              },
              {
                "status": "affected",
                "version": "22.1.1"
              },
              {
                "status": "affected",
                "version": "21.2.3"
              },
              {
                "status": "affected",
                "version": "21.2.2"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45229",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-20T18:45:34.826535Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-306",
                "description": "CWE-306 Missing Authentication for Critical Function",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-20T18:53:08.178Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Director",
          "vendor": "Versa",
          "versions": [
            {
              "lessThan": "22.1.4 20240909",
              "status": "affected",
              "version": "22.1.4 20240909",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1.3 20240909",
              "status": "affected",
              "version": "22.1.3 20240909",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1.2 20240909",
              "status": "affected",
              "version": "22.1.2 20240909",
              "versionType": "custom"
            },
            {
              "lessThan": "22.1.1 20240909",
              "status": "affected",
              "version": "22.1.1 20240909",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2.3 20240909",
              "status": "affected",
              "version": "21.2.3 20240909",
              "versionType": "custom"
            },
            {
              "lessThan": "21.2.2 20240909",
              "status": "affected",
              "version": "21.2.2 20240909",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. \r\n\r\nCurrently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API.  /vnms/devicereg/device/* (on ports 9182 \u0026 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-20T18:09:30.570Z",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2024-45229",
    "datePublished": "2024-09-20T18:09:30.570Z",
    "dateReserved": "2024-08-24T01:00:01.733Z",
    "dateUpdated": "2024-09-20T18:53:08.178Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45229\",\"sourceIdentifier\":\"support@hackerone.com\",\"published\":\"2024-09-20T19:15:16.080\",\"lastModified\":\"2024-09-26T13:32:55.343\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. \\r\\n\\r\\nCurrently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API.  /vnms/devicereg/device/* (on ports 9182 \u0026 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance.\"},{\"lang\":\"es\",\"value\":\"Versa Director ofrece API REST para orquestaci\u00f3n y administraci\u00f3n. Por dise\u00f1o, ciertas API, como la pantalla de inicio de sesi\u00f3n, la visualizaci\u00f3n de banners y el registro de dispositivos, no requieren autenticaci\u00f3n. 
Sin embargo, se descubri\u00f3 que para los Directors conectados directamente a Internet, una de estas API se puede explotar inyectando argumentos no v\u00e1lidos en una solicitud GET, lo que potencialmente expone los tokens de autenticaci\u00f3n de otros usuarios que hayan iniciado sesi\u00f3n en ese momento. Estos tokens se pueden usar para invocar API adicionales en el puerto 9183. Este exploit no revela ninguna informaci\u00f3n de nombre de usuario o contrase\u00f1a. Actualmente, no hay workarounds en Versa Director. Sin embargo, si hay un firewall de aplicaciones web (WAF) o una puerta de enlace de API frente a Versa Director, se puede usar para bloquear el acceso a las URL de API vulnerables. /vnms/devicereg/device/* (en los puertos 9182 y 9183) y /versa/vnms/devicereg/device/* (en el puerto 443). Versa recomienda que los Directors se actualicen a una de las versiones de software corregidas. Esta vulnerabilidad no se puede explotar en los Directors de Versa que no est\u00e9n expuestos a Internet. Hemos comprobado que ninguna de las cabeceras alojadas en Versa se ha visto afectada por esta vulnerabilidad. 
P\u00f3ngase en contacto con el equipo de asistencia t\u00e9cnica de Versa o con el equipo de cuentas de Versa para obtener m\u00e1s ayuda.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"support@hackerone.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":0.7,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-306\"}]}],\"references\":[{\"url\":\"https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9\",\"source\":\"support@hackerone.com\"}]}}"
  }
}


Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.