- Description
- The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. Exploitation Status: Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment. Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports This vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. Please contact Versa Technical Support or Versa account team for any further assistance. Software Download Links: 22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
- Source
- support@hackerone.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 10
- Impact score
- 6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
- Severity
- CRITICAL
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-798
- Hype score
- Not currently trending
Versa Director の重大な脆弱性 CVE-2024-42450 (CVSS 10.0) が FIX:直ちにアップデートを! https://t.co/lBoxWDxbtk #postgres #PostgreSQL #Versa #VersaDirector #VersaNetworks #Vulnerability
@iototsecnews
2 Dec 2024
108 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-42450 alert 🚨 Versa Director: default credentials exposure The vulnerability is actively exploited in the wild and has been integrated into Patrowl. Our customers assets are protected. 🦉 #CyberSecurity #InfoSec #versadirector https://t.co/facbjJjk6D
@Patrowl_io
22 Nov 2024
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Versa Networks has issued a security advisory addressing a critical vulnerability (CVE-2024-42450) affecting its Versa Director software. The vulnerability, which carries a CVSS score of 10, could allow unauthenticated attackers to access sensitive data, escalate privileges,…
@cybertzar
22 Nov 2024
37 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨🚨CVE-2024-42450 (CVSS: 10) : Versa Networks Addresses Critical Vulnerability in Versa Director ⚠️By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or… ht
@zoomeye_team
21 Nov 2024
438 Impressions
0 Retweets
6 Likes
1 Bookmark
0 Replies
0 Quotes
🚨🚨CVE-2024-42450 (CVSS: 10) : Versa Networks Addresses Critical Vulnerability in Versa Director ⚠️By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or… ht
@zoomeye_team
21 Nov 2024
33 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Versa DirectorでCVSSスコア10の脆弱性CVE-2024-42450が修正された。データを保存するPostgreSQLのデフォルト構成が、共通の初期パスワードになっており、かつ全ネットワークインタフェースに露出しているもの。あのさぁ… https://t.co/XglWLq7W7i
@__kokumoto
21 Nov 2024
2156 Impressions
10 Retweets
29 Likes
5 Bookmarks
0 Replies
0 Quotes
CVE-2024-42450 The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The… https://t.co/CyZbvTxs7P
@CVEnew
20 Nov 2024
306 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes