The recent discovery of vulnerabilities in Versa Networks’ Versa Director has raised concerns among cybersecurity experts because of the potential downstream effects on networks managed by internet service providers and managed service providers. The Cybersecurity and Infrastructure Security Agency (CISA) has flagged a significant vulnerability in Versa Director, tracked as CVE-2024-45229, with a severity rating of 6.6. The flaw, which stems from improper input validation, affects multiple versions of the software and calls for immediate action by organizations running vulnerable versions.
Following a previous high-severity vulnerability (CVE-2024-39717) used in a supply chain attack last month, the new flaw in Versa Director poses a threat to network security. Cyble’s ODIN scanner has identified 73 internet-exposed instances of Versa Director, although the extent of vulnerability within these instances remains unclear.
The latest Versa Director vulnerability stems from improper input validation in certain REST APIs, potentially enabling attackers to exploit the flaw and obtain the authentication tokens of logged-in users. While exploitation does not disclose user credentials, exposure of authentication tokens could lead to broader security breaches affecting sensitive data and operational integrity.
To mitigate the risk associated with the vulnerability in Versa Director, Cyble recommends implementing the latest patches provided by Versa Networks, upgrading to patched versions of the software, isolating critical systems through network segmentation, and employing web application firewalls or API gateways to block access to vulnerable APIs.
Additionally, Cyble advises utilizing advanced Security Information and Event Management (SIEM) systems to detect unusual activities, regularly reviewing logs and alerts for real-time threat identification, uncovering weaknesses in network infrastructure, and remedying vulnerabilities promptly to thwart potential exploitation by malicious actors.
The affected versions of Versa Director are those released before September 9, 2024; hotfixes are available in versions released on or after September 12. The vulnerability is primarily associated with APIs that do not require authentication, such as the login interface, banner display, and device registration interfaces.
In conclusion, the discovery of vulnerabilities in Versa Director underscores the importance of proactive cybersecurity measures and prompt remediation of software flaws to safeguard network infrastructure from potential exploitation. By following best practices and implementing recommended mitigations, organizations can enhance their security posture and reduce the risk of cyber threats.
