VYPR

Vendor CVEs

Versa Networks

All CVEs

24 total · sorted by risk
  • CVE-2025-34027CriMay 21, 2025
    risk 0.68cvss epss 0.36

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU)…

  • CVE-2025-34026HigKEVMay 21, 2025
    risk 0.67cvss 7.5epss 0.83

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace…

  • CVE-2024-42450CriNov 19, 2024
    risk 0.65cvss 10.0epss 0.01

    The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director…

  • CVE-2025-24288CriJun 19, 2025
    risk 0.64cvss 9.8epss 0.00

    The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the…

  • CVE-2024-45208CriJun 19, 2025
    risk 0.64cvss 9.8epss 0.01

    The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director…

  • CVE-2019-25029CriMay 26, 2021
    risk 0.64cvss 9.8epss 0.03

    In Versa Director, the command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user supplied data (forms, cookies, HTTP…

  • CVE-2024-39717HigKEVAug 22, 2024
    risk 0.59cvss 7.2epss 0.04

    The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change…

  • CVE-2018-16494HigMay 26, 2021
    risk 0.57cvss 8.8epss 0.02

    In VOS and overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. Insecure umask setting was present…

  • CVE-2025-34025HigMay 21, 2025
    risk 0.56cvss epss 0.00

    The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code…

  • CVE-2025-34290HigDec 20, 2025
    risk 0.55cvss epss 0.00

    Versa SASE Client for Windows versions released between 7.8.7 and 7.9.4 contain a local privilege escalation vulnerability in the audit log export functionality. The client communicates user-controlled file paths to a privileged service, which performs file system operations…

  • CVE-2018-16497HigMay 26, 2021
    risk 0.51cvss 7.8epss 0.00

    In Versa Analytics, the cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is…

  • CVE-2025-23173HigJun 19, 2025
    risk 0.49cvss 7.5epss 0.01

    The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as…

  • CVE-2025-23172HigJun 19, 2025
    risk 0.47cvss 7.2epss 0.01

    The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This…

  • CVE-2025-23171HigJun 19, 2025
    risk 0.47cvss 7.2epss 0.00

    The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director…

  • CVE-2025-23170MedJun 19, 2025
    risk 0.44cvss 6.7epss 0.01

    The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an…

  • CVE-2024-45229MedSep 20, 2024
    risk 0.43cvss 6.6epss 0.01

    The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one…

  • CVE-2025-23168MedJun 19, 2025
    risk 0.41cvss 6.3epss 0.00

    The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and…

  • CVE-2025-24291MedJun 19, 2025
    risk 0.40cvss 6.1epss 0.00

    The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME…

  • CVE-2025-23169MedJun 19, 2025
    risk 0.40cvss 6.1epss 0.00

    The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store…

  • CVE-2021-39285MedSep 7, 2021
    risk 0.40cvss 6.1epss 0.01

    A XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create a XSS based attack.

  • CVE-2019-25030MedMay 26, 2021
    risk 0.36cvss 5.5epss 0.00

    In Versa Director, Versa Analytics and VOS, Passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgardconstruction (such as MD5 and SHA-1) alone are insufficient in…

  • CVE-2018-16498MedMay 26, 2021
    risk 0.36cvss 5.5epss 0.00

    In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores.

  • CVE-2018-16496MedMay 26, 2021
    risk 0.35cvss 5.3epss 0.01

    In Versa Director, the un-authentication request found.

  • CVE-2006-6307Dec 5, 2006
    risk 0.00cvss epss 0.02

    srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary.