VA-25-169-01
Vulnerability from csaf_cisa - Published: 2025-07-02 20:57 - Updated: 2025-07-02 20:57Summary
Versa Networks Versa Director multiple vulnerabilities
Notes
Legal Notice
All information products included in [https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white](https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white) are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see [https://us-cert.cisa.gov/tlp/](https://us-cert.cisa.gov/tlp/).
Countries and Areas Deployed
Worldwide
Critical Infrastructure Sectors
Information Technology
Risk Evaluation
Versa Networks Versa Director contains a variety of vulnerabilities. In the most severe cases, a remote, unauthenticated attacker could execute arbitrary code with administrative privileges.
Recommended Practices
Upgrade to fixed versions of Versa Director. See https://security-portal.versa-networks.com/psirt/emailbulletins for additional details. See also https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director, https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation, and https://docs.versa-networks.com/Getting_Started/Deployment_and_Initial_Configuration/Deployment_Basics/Firewall_Requirements#Director_Firewall_Requirements.
Company Headquarters Location
United States
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE"
}
},
"lang": "en-US",
"notes": [
{
"category": "legal_disclaimer",
"text": "All information products included in [https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white](https://github.com/cisagov/CSAF/tree/develop/csaf_files/IT/white) are provided \\\"as is\\\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see [https://us-cert.cisa.gov/tlp/](https://us-cert.cisa.gov/tlp/).",
"title": "Legal Notice"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries and Areas Deployed"
},
{
"category": "other",
"text": "Information Technology",
"title": "Critical Infrastructure Sectors"
},
{
"category": "summary",
"text": "Versa Networks Versa Director contains a variety of vulnerabilities. In the most severe cases, a remote, unauthenticated attacker could execute arbitrary code with administrative privileges.",
"title": "Risk Evaluation"
},
{
"category": "general",
"text": "Upgrade to fixed versions of Versa Director. See https://security-portal.versa-networks.com/psirt/emailbulletins for additional details. See also https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director, https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation, and https://docs.versa-networks.com/Getting_Started/Deployment_and_Initial_Configuration/Deployment_Basics/Firewall_Requirements#Director_Firewall_Requirements.",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "United States",
"title": "Company Headquarters Location"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "https://www.cisa.gov/report",
"issuing_authority": "CISA",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "Vulnerability Advisory VA-25-169-01 CSAF",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/refs/heads/develop/csaf_files/IT/white/2025/va-25-169-01.json"
},
{
"category": "external",
"summary": "Security Advisories",
"url": "https://security-portal.versa-networks.com/psirt/emailbulletins"
},
{
"category": "external",
"summary": "Perform Manual Hardening for Versa Director",
"url": "https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director"
},
{
"category": "external",
"summary": " Versa Director HA Port Exploit - Discovery \u0026 Remediation",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation"
},
{
"category": "external",
"summary": "Firewall Requirements",
"url": "https://docs.versa-networks.com/Getting_Started/Deployment_and_Initial_Configuration/Deployment_Basics/Firewall_Requirements"
}
],
"title": "Versa Networks Versa Director multiple vulnerabilities",
"tracking": {
"current_release_date": "2025-07-02T20:57:00Z",
"generator": {
"engine": {
"name": "VINCE-NT",
"version": "1.9.0"
}
},
"id": "VA-25-169-01",
"initial_release_date": "2025-07-02T20:57:00Z",
"revision_history": [
{
"date": "2025-07-02T20:57:00Z",
"number": "1.0.0",
"summary": "Initial publication"
}
],
"status": "final",
"version": "1.0.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "21.2.2",
"product": {
"name": "Versa Director 21.2.2",
"product_id": "CSAFPID-0001"
}
},
{
"category": "product_version_range",
"name": "\u003e=21.2.3|\u003c21.2.3 June 10, 2025",
"product": {
"name": "Versa Director \u003e=21.2.3|\u003c21.2.3 June 10, 2025",
"product_id": "CSAFPID-0002"
}
},
{
"category": "product_version",
"name": "22.1.1",
"product": {
"name": "Versa Director 22.1.1",
"product_id": "CSAFPID-0003"
}
},
{
"category": "product_version_range",
"name": "\u003e=22.1.2|\u003c22.1.2 June 10, 2025",
"product": {
"name": "Versa Director \u003e=22.1.2|\u003c22.1.2 June 10, 2025",
"product_id": "CSAFPID-0004"
}
},
{
"category": "product_version_range",
"name": "\u003e=22.1.3|\u003c22.1.3 June 10, 2025",
"product": {
"name": "Versa Director \u003e=22.1.3|\u003c22.1.3 June 10, 2025",
"product_id": "CSAFPID-0005"
}
},
{
"category": "product_version_range",
"name": "\u003e=22.1.4|\u003c22.1.4\u202fFebruary 8, 2025",
"product": {
"name": "Versa Director \u003e=22.1.4|\u003c22.1.4\u202fFebruary 8, 2025",
"product_id": "CSAFPID-0006"
}
},
{
"category": "product_version",
"name": "22.1.4\u202fFebruary 8, 2025",
"product": {
"name": "Versa Director 22.1.4\u202fFebruary 8, 2025",
"product_id": "CSAFPID-0007"
}
},
{
"category": "product_version",
"name": "22.1.3 June 10, 2025",
"product": {
"name": "Versa Director 22.1.3 June 10, 2025",
"product_id": "CSAFPID-0008"
}
},
{
"category": "product_version",
"name": "22.1.2 June 10, 2025",
"product": {
"name": "Versa Director 22.1.2 June 10, 2025",
"product_id": "CSAFPID-0009"
}
},
{
"category": "product_version",
"name": "21.2.3 June 10, 2025",
"product": {
"name": "Versa Director 21.2.3 June 10, 2025",
"product_id": "CSAFPID-0010"
}
},
{
"category": "product_version",
"name": "21.2.3",
"product": {
"name": "Versa Director 21.2.3",
"product_id": "CSAFPID-0011"
}
},
{
"category": "product_version",
"name": "22.1.2",
"product": {
"name": "Versa Director 22.1.2",
"product_id": "CSAFPID-0012"
}
},
{
"category": "product_version",
"name": "22.1.3",
"product": {
"name": "Versa Director 22.1.3",
"product_id": "CSAFPID-0013"
}
}
],
"category": "product_name",
"name": "Director"
}
],
"category": "vendor",
"name": "Versa"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-23168",
"cwe": {
"id": "CWE-307",
"name": "Improper Restriction of Excessive Authentication Attempts"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the OTP delivery (SMS/email) to their own device. OTP/TOTP codes are not invalidated after use, enabling reuse by an attacker who has previously intercepted or obtained a valid code. In addition, the 2FA system does not adequately restrict the number or frequency of login attempts. The OTP values are generated from a relatively small keyspace, making brute-force attacks more feasible.\n\nExploitation Status:\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. \n\nWorkarounds or Mitigation:\nVersa recommends that Director be upgraded to one of the remediated software versions.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/T:P/2025-06-30T21:36:09Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director multiple 2FA/OTP vulnerabilities"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-23169",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting (XSS) payloads.\n\nExploitation Status:\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\nWorkarounds or Mitigation:\nThere are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/T:P/2025-07-02T17:31:51Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526a08dc94d6b9f2faf716"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director stored XSS"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-23170",
"cwe": {
"id": "CWE-78",
"name": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execute arbitrary commands on the system.\n\nExploitation Status:\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. \n\nWorkarounds or Mitigation:\nThere are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/T:T/2025-07-02T17:33:44Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526bc7dc94d6b9f2faf717"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
},
{
"category": "external",
"summary": "code.google.com",
"url": "https://code.google.com/archive/p/shellinabox/issues/261"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director Shell-In-A-Box command injection"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-23171",
"cwe": {
"id": "CWE-266",
"name": "Incorrect Privilege Assignment"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filename of uploaded temporary files, including the UUID prefix. Insecure UCPE image upload in Versa Director allows an authenticated attacker to upload a webshell.\n\nExploitation Status:\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\nWorkarounds or Mitigation:\nThere are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/T:T/2025-07-02T17:35:06Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526dbbdc94d6b9f2faf71a"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director insecure file upload"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-23172",
"cwe": {
"id": "CWE-1286",
"name": "Improper Validation of Syntactic Correctness of Input"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the \"Add Webhook\" and \"Test Webhook\" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution.\n\nExploitation Status:\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\nWorkarounds or Mitigation:\nThere are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/T:T/2025-07-02T17:36:28Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526e7bdc94d6b9f2faf71b"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director insecure webhook validation"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-23173",
"cwe": {
"id": "CWE-250",
"name": "Execution with Unnecessary Privileges"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution.\n\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\nWorkarounds or Mitigation:\nRestrict access to TCP port 6080 if uCPE console access is not necessary. Versa recommends that Director be upgraded to one of the remediated software versions.\n\nFrom https://github.com/novnc/websockify/issues/453: \"Websockify bundles an extremely simple web server for testing purposes, it is not secure or scalable. It isn\u0027t intended for production environments and is not recommended for anyone to use in a real setup.\"",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/T:T/2025-07-02T17:38:23Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
},
{
"category": "external",
"summary": "Directory traversal vulnerability",
"url": "https://github.com/novnc/websockify/issues/453"
},
{
"category": "external",
"summary": "use Vulnerability Scanner found the CVE-2011-1473 security hole",
"url": "https://github.com/novnc/websockify/issues/404"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director websockfiy exposure"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-24288",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the internet, alongside a host of other services.\n\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\nWorkarounds or Mitigation:\nVersa recommends the following security controls:\n1) Change default passwords to complex passwords\n2) Passwords must be complex with at least 8 characters that comprise of upper case, and lower case alphabets, as well as at at least one digit, and one special character\n3) Passwords must be changed at least every 90 days\n4) Password change history is checked to ensure that the at least the last 5 passwords must be used when changing password.\n5) Review and audit logs for all authentication attempts to check for unauthorized/suspicious login attempts and enforce remediation steps.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:Y/T:T/2025-07-02T17:39:01Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526d12dc94d6b9f2faf719"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director default administrative credentials for listening services"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2025-24291",
"cwe": {
"id": "CWE-88",
"name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation, allowing the upload of arbitrary file types. This flaw can be exploited to place a malicious file on disk.\n\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.\n\nThere are no workarounds to disable the GUI option. Versa recommends that Director be upgraded to one of the remediated software versions.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:N/T:P/2025-07-02T17:45:19Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007",
"CSAFPID-0008",
"CSAFPID-0009",
"CSAFPID-0010"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526fc6dc94d6b9f2faf71d"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "none_available",
"details": "No fix information provided for 21.2.2.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0002"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "none_available",
"details": "No fix information provided for 22.1.1.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0004"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0005"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0008"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 22.1.2 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0009"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
},
{
"category": "vendor_fix",
"date": "2025-06-10T00:00:00Z",
"details": "Fixed in 21.2.3 June 10, 2025, and later.",
"product_ids": [
"CSAFPID-0010"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002",
"CSAFPID-0003",
"CSAFPID-0004",
"CSAFPID-0005",
"CSAFPID-0006"
]
}
],
"title": "Versa Networks Versa Director file upload argument injection"
},
{
"acknowledgments": [
{
"names": [
"Matthew Galligan"
],
"organization": "CISA Rapid Action Force (RAF)"
}
],
"cve": "CVE-2024-45208",
"cwe": {
"id": "CWE-1392",
"name": "Use of Default Credentials"
},
"notes": [
{
"category": "summary",
"text": "The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide.\n\nVersa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.",
"title": "Description"
},
{
"category": "details",
"text": "SSVCv2/E:P/A:Y/T:T/2025-07-02T17:45:58Z/",
"title": "SSVC"
}
],
"product_status": {
"fixed": [
"CSAFPID-0007"
],
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0011",
"CSAFPID-0006",
"CSAFPID-0003",
"CSAFPID-0012",
"CSAFPID-0013"
]
},
"references": [
{
"category": "external",
"summary": "security-portal.versa-networks.com",
"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2"
},
{
"category": "external",
"summary": "support.versa-networks.com",
"url": "https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3"
},
{
"category": "external",
"summary": "docs.versa-networks.com",
"url": "https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566"
}
],
"release_date": "2025-06-18T00:00:00Z",
"remediations": [
{
"category": "workaround",
"date": "2024-08-16T00:00:00Z",
"details": "Implement manual hardening, see https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Ports_4566.2C_4570.2C_and_5432 and https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation.",
"product_ids": [
"CSAFPID-0001"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718"
},
{
"category": "workaround",
"date": "2024-06-18T00:00:00Z",
"details": "Implement manual hardening, see https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Ports_4566.2C_4570.2C_and_5432 and https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation.",
"product_ids": [
"CSAFPID-0011"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0006"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718"
},
{
"category": "vendor_fix",
"date": "2025-02-08T00:00:00Z",
"details": "Fixed in 22.1.4\u202fFebruary 8, 2025, and later.",
"product_ids": [
"CSAFPID-0007"
]
},
{
"category": "workaround",
"date": "2024-08-16T00:00:00Z",
"details": "Implement manual hardening, see https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Ports_4566.2C_4570.2C_and_5432 and https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation.",
"product_ids": [
"CSAFPID-0003"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718"
},
{
"category": "workaround",
"date": "2024-08-16T00:00:00Z",
"details": "Implement manual hardening, see https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Ports_4566.2C_4570.2C_and_5432 and https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation.",
"product_ids": [
"CSAFPID-0012"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718"
},
{
"category": "workaround",
"date": "2024-08-16T00:00:00Z",
"details": "Implement manual hardening, see https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Ports_4566.2C_4570.2C_and_5432 and https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation.",
"product_ids": [
"CSAFPID-0013"
],
"url": "https://security-portal.versa-networks.com/emailbulletins/68526c3cdc94d6b9f2faf718"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0011",
"CSAFPID-0006",
"CSAFPID-0003",
"CSAFPID-0012",
"CSAFPID-0013"
]
}
],
"title": "Versa Networks Versa Director default administrative NCS credentials"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…