API Attacks and Token Theft Possible Due to Vulnerability in Versa Director

Published:

spot_img

Critical Vulnerability in Versa Director: Immediate Action Required to Protect Networks and Data

Cybersecurity experts are sounding the alarm on critical vulnerabilities found in Versa Director, a network configuration management platform used by internet service providers and managed service providers. The Cybersecurity and Infrastructure Security Agency (CISA) has identified a 6.6-severity vulnerability, CVE-2024-45229, that could have far-reaching consequences if exploited.

This latest flaw in Versa Director is a result of improper input validation and affects multiple versions of the software. Organizations are being urged to update to the latest version to safeguard their networks from potential attacks. This advisory comes on the heels of a previous high-severity vulnerability, CVE-2024-39717, which was exploited in a recent supply chain attack.

According to Cyble’s ODIN scanner, there are currently 73 internet-exposed instances of Versa Director, raising concerns about the extent of the exposure. The new vulnerability could be exploited through Versa Director’s REST APIs, allowing attackers to inject invalid arguments into GET requests and potentially expose authentication tokens of logged-in users.

Cyble researchers have emphasized the importance of implementing the latest patches, upgrading to secure versions, and employing additional security measures such as web application firewalls and network segmentation. By following these recommended mitigations and best practices, organizations can shore up their defenses against potential breaches and safeguard sensitive data and operational integrity.

spot_img

Related articles

Recent articles

Kanpur Woman Loses ₹4 Lakh in Matrimonial Gift Parcel Cyber Fraud

Kanpur Woman Loses ₹4 Lakh in Matrimonial Gift Parcel Cyber Fraud In a troubling incident from Kanpur, a woman has reportedly fallen victim to a...

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards

Valu Launches Egypt’s First Instant Cashback Loyalty Program, Transforming Everyday Spending Rewards Cairo: Valu, a prominent financial technology firm in the Middle East and North...

Laser Attack Resets Tangem Wallet Passwords, Exposing Unpatchable Security Flaw

Laser Attack Resets Tangem Wallet Passwords, Exposing Unpatchable Security Flaw Researchers from Ledger's Donjon security team have uncovered a significant vulnerability in Tangem crypto wallet...

US Authorities Indict Lawrence Bishnoi and Goldy Brar, Elevating Criminal Network to Tier-1 Transnational Syndicate

US Authorities Indict Lawrence Bishnoi and Goldy Brar, Elevating Criminal Network to Tier-1 Transnational Syndicate In a significant escalation of international crime enforcement, the United...