CVE-2024-42450
📋 TL;DR
This vulnerability allows unauthenticated attackers to access PostgreSQL databases in Versa Director installations due to default weak credentials and network exposure. Attackers can read files, escalate privileges, or take full control of affected systems. Organizations running Versa Director with default configurations are affected.
💻 Affected Systems
- Versa Director
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise allowing attackers to read sensitive data, modify configurations, disrupt operations, and pivot to other systems.
Likely Case
Database compromise leading to data theft, privilege escalation, and potential lateral movement within the network.
If Mitigated
No impact if proper firewall rules restrict access to PostgreSQL ports or if systems are patched to version 22.1.4+.
🎯 Exploit Status
Proof of concept exists in lab environments but not publicly available. Vendor is not aware of production exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.1.4
Vendor Advisory: https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3
Restart Required: Yes
Instructions:
1. Download version 22.1.4 from https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
2. Apply the update following Versa Director upgrade procedures
3. The patch automatically restricts PostgreSQL and HA port access to local and peer systems
🔧 Temporary Workarounds
Manual Port Hardening
Linux: Manually restrict access to the PostgreSQL and HA ports so that only local and peer Versa Director systems can reach them
Firewall Implementation
All platforms: Implement the published firewall guidelines to restrict network access to the vulnerable ports
🧯 If You Can't Patch
- Implement strict firewall rules to block all external access to PostgreSQL ports (default 5432) and HA ports
- Change PostgreSQL credentials from default and implement strong authentication mechanisms
🔍 How to Verify
Check if Vulnerable:
Check if PostgreSQL is listening on all interfaces (netstat -tulpn | grep 5432) and verify default credentials work
Check Version:
Check Versa Director version through admin interface or system logs
Verify Fix Applied:
Verify PostgreSQL only listens on local/peer interfaces after patch and test that default credentials no longer work
📡 Detection & Monitoring
Log Indicators:
- Failed PostgreSQL authentication attempts from unexpected sources
- Successful PostgreSQL logins from non-local IPs
- Unusual database queries or configuration changes
Network Indicators:
- External connections to PostgreSQL port 5432
- Traffic to HA ports from unauthorized sources
- Database export/import traffic
SIEM Query:
source_ip NOT IN (allowed_ips) AND (dest_port=5432 OR dest_port IN (ha_ports))
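The SIEM logic above, applied to flow-log lines, as an added example that is not part of this advisory or of any Versa tooling. It assumes a constructed `src=... dst=... dport=...` log format, an allow list consisting of loopback plus a hypothetical HA peer subnet, and a placeholder HA port; the port test is parenthesised so that an allow-listed peer talking to an HA port is not flagged.

```python
import ipaddress
import re
from typing import Iterable, List, Tuple

# Constructed allow list (assumption): loopback plus the HA peer subnet of this Director.
ALLOWED_SOURCES = [ipaddress.ip_network("127.0.0.0/8"),
                   ipaddress.ip_network("10.0.0.0/24")]
PG_PORT = 5432
# Placeholder: substitute the HA ports listed in Versa's firewall guidelines.
HA_PORTS = {65000}

LINE_RE = re.compile(r"src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)")

# Constructed sample flow-log lines (not real traffic).
SAMPLE_LOG = """\
2024-08-20T10:00:01Z ACCEPT src=10.0.0.11 dst=10.0.0.10 dport=5432 proto=tcp
2024-08-20T10:00:02Z ACCEPT src=203.0.113.5 dst=10.0.0.10 dport=5432 proto=tcp
2024-08-20T10:00:03Z ACCEPT src=10.0.0.11 dst=10.0.0.10 dport=65000 proto=tcp
2024-08-20T10:00:04Z ACCEPT src=198.51.100.9 dst=10.0.0.10 dport=65000 proto=tcp
2024-08-20T10:00:05Z ACCEPT src=198.51.100.9 dst=10.0.0.10 dport=443 proto=tcp
"""


def is_allowed(src: str, allowed=ALLOWED_SOURCES) -> bool:
    """True if the source address falls inside any allow-listed network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in allowed)


def flag_connections(lines: Iterable[str], allowed=ALLOWED_SOURCES,
                     pg_port: int = PG_PORT, ha_ports=HA_PORTS) -> List[Tuple[str, int]]:
    """Return (src, dport) for every connection to the PostgreSQL or HA ports
    from a source outside the allow list. Lines that do not parse are skipped."""
    alerts = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        src, dport = m["src"], int(m["dport"])
        # Grouping matters: without the parentheses, any HA-port traffic would alert.
        if (not is_allowed(src, allowed)) and (dport == pg_port or dport in ha_ports):
            alerts.append((src, dport))
    return alerts


if __name__ == "__main__":
    for src, port in flag_connections(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {src} -> port {port} from outside the allow list")
```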