Versa Networks
Products
8- 15 CVEs
- 3 CVEs
- 3 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 2 CVEs
- 1 CVE
Recent CVEs
24| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-34027 | Cri | 0.68 | — | 0.36 | May 21, 2025 | The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU)… | ||
| CVE-2025-34026 | Hig | 0.67 | 7.5 | 0.83 | KEV | May 21, 2025 | The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace… | |
| CVE-2024-42450 | Cri | 0.65 | 10.0 | 0.01 | Nov 19, 2024 | The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director… | ||
| CVE-2025-24288 | Cri | 0.64 | 9.8 | 0.00 | Jun 19, 2025 | The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the… | ||
| CVE-2024-45208 | Cri | 0.64 | 9.8 | 0.01 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director… | ||
| CVE-2019-25029 | Cri | 0.64 | 9.8 | 0.03 | May 26, 2021 | In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP… | ||
| CVE-2024-39717 | Hig | 0.59 | 7.2 | 0.04 | KEV | Aug 22, 2024 | The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change… | |
| CVE-2018-16494 | Hig | 0.57 | 8.8 | 0.02 | May 26, 2021 | In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present… | ||
| CVE-2025-34025 | Hig | 0.56 | — | 0.00 | May 21, 2025 | The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code… | ||
| CVE-2025-34290 | Hig | 0.55 | — | 0.00 | Dec 20, 2025 | Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations… | ||
| CVE-2018-16497 | Hig | 0.51 | 7.8 | 0.00 | May 26, 2021 | In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is… | ||
| CVE-2025-23173 | Hig | 0.49 | 7.5 | 0.01 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as… | ||
| CVE-2025-23172 | Hig | 0.47 | 7.2 | 0.01 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This… | ||
| CVE-2025-23171 | Hig | 0.47 | 7.2 | 0.00 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director… | ||
| CVE-2025-23170 | Med | 0.44 | 6.7 | 0.01 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an… | ||
| CVE-2024-45229 | Med | 0.43 | 6.6 | 0.01 | Sep 20, 2024 | The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one… | ||
| CVE-2025-23168 | Med | 0.41 | 6.3 | 0.00 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and… | ||
| CVE-2025-24291 | Med | 0.40 | 6.1 | 0.00 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME… | ||
| CVE-2025-23169 | Med | 0.40 | 6.1 | 0.00 | Jun 19, 2025 | The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store… | ||
| CVE-2021-39285 | Med | 0.40 | 6.1 | 0.01 | Sep 7, 2021 | A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack. |
- risk 0.68cvss —epss 0.36
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU)…
- risk 0.67cvss 7.5epss 0.83
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace…
- risk 0.65cvss 10.0epss 0.01
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director…
- risk 0.64cvss 9.8epss 0.00
The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the…
- risk 0.64cvss 9.8epss 0.01
The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director…
- risk 0.64cvss 9.8epss 0.03
In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP…
- risk 0.59cvss 7.2epss 0.04
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change…
- risk 0.57cvss 8.8epss 0.02
In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present…
- risk 0.56cvss —epss 0.00
The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code…
- risk 0.55cvss —epss 0.00
Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations…
- risk 0.51cvss 7.8epss 0.00
In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is…
- risk 0.49cvss 7.5epss 0.01
The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as…
- risk 0.47cvss 7.2epss 0.01
The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This…
- risk 0.47cvss 7.2epss 0.00
The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director…
- risk 0.44cvss 6.7epss 0.01
The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an…
- risk 0.43cvss 6.6epss 0.01
The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one…
- risk 0.41cvss 6.3epss 0.00
The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and…
- risk 0.40cvss 6.1epss 0.00
The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME…
- risk 0.40cvss 6.1epss 0.00
The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store…
- risk 0.40cvss 6.1epss 0.01
A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack.