API Attacks and Token Theft Possible Due to Vulnerability in Versa Director

Critical Vulnerability in Versa Director: Immediate Action Required to Protect Networks and Data

Cybersecurity experts are sounding the alarm on critical vulnerabilities found in Versa Director, a network configuration management platform used by internet service providers and managed service providers. The Cybersecurity and Infrastructure Security Agency (CISA) has identified a 6.6-severity vulnerability, CVE-2024-45229, that could have far-reaching consequences if exploited.

This latest flaw in Versa Director is a result of improper input validation and affects multiple versions of the software. Organizations are being urged to update to the latest version to safeguard their networks from potential attacks. This advisory comes on the heels of a previous high-severity vulnerability, CVE-2024-39717, which was exploited in a recent supply chain attack.

According to Cyble’s ODIN scanner, there are currently 73 internet-exposed instances of Versa Director, raising concerns about the extent of the exposure. The new vulnerability could be exploited through Versa Director’s REST APIs, allowing attackers to inject invalid arguments into GET requests and potentially expose authentication tokens of logged-in users.

Cyble researchers have emphasized the importance of implementing the latest patches, upgrading to secure versions, and employing additional security measures such as web application firewalls and network segmentation. By following these recommended mitigations and best practices, organizations can shore up their defenses against potential breaches and safeguard sensitive data and operational integrity.
