CVE-2024-45229
📋 TL;DR
This vulnerability in Versa Director allows unauthenticated attackers to steal authentication tokens from currently logged-in users by exploiting an unprotected API endpoint. Only internet-facing Versa Director instances are affected, as the exploit requires direct internet access to the vulnerable API.
💻 Affected Systems
- Versa Director
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain administrative access to the Versa Director using stolen authentication tokens, potentially compromising the entire network orchestration and management system.
Likely Case
Attackers steal authentication tokens and use them to access sensitive management functions, potentially modifying network configurations or accessing sensitive data.
If Mitigated
With proper network segmentation and WAF protection, the vulnerability cannot be exploited, maintaining normal system operation.
🎯 Exploit Status
Exploitation involves injecting invalid arguments into GET requests to specific API endpoints without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Remediated software versions (specific versions not provided in advisory)
Vendor Advisory: https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9
Restart Required: Yes
Instructions:
1. Contact Versa Technical Support for remediation guidance.
2. Upgrade Versa Director to the remediated software version.
3. Restart affected services.
🔧 Temporary Workarounds
WAF/API Gateway Protection
Block access to the vulnerable API endpoints using a Web Application Firewall or API Gateway
Block URLs: /vnms/devicereg/device/* (ports 9182 & 9183) and /versa/vnms/devicereg/device/* (port 443)
🧯 If You Can't Patch
- Ensure Versa Director is not directly exposed to the internet
- Implement strict network segmentation and firewall rules to restrict access to management interfaces
🔍 How to Verify
Check if Vulnerable:
Check if Versa Director is internet-facing and running vulnerable versions. Test API endpoints for token disclosure.
Check Version:
Check Versa Director software version via management interface or CLI
Verify Fix Applied:
Verify upgrade to remediated version and test that API endpoints no longer disclose authentication tokens.
📡 Detection & Monitoring
Log Indicators:
- Unusual GET requests to /vnms/devicereg/device/* endpoints
- Multiple failed authentication attempts followed by successful API calls
Network Indicators:
- Unusual traffic patterns to ports 9182, 9183, and 443 from external sources
- API calls to device registration endpoints without proper authentication
SIEM Query:
source_ip=external AND (dest_port=9182 OR dest_port=9183 OR dest_port=443) AND uri_path CONTAINS '/vnms/devicereg/device/'
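The SIEM query above expressed as a stand-alone check over log lines, added here as an example; it is not code from the advisory or from Versa. The key=value log format, the sample lines (RFC 5737 test addresses standing in for external sources) and the list of internal networks are constructed assumptions, so adapt the regex to the fields your proxy or Director logs actually emit and the network list to your own address plan. The rule mirrors the query: external source, destination port 9182, 9183 or 443, and a URI containing `/vnms/devicereg/device/` (which also covers `/versa/vnms/devicereg/device/`).

```python
import ipaddress
import re
from typing import Dict, List, Optional

# Ports and URI fragment taken from the advisory's mitigation and SIEM query sections.
WATCHED_PORTS = {9182, 9183, 443}
WATCHED_URI_FRAGMENT = "/vnms/devicereg/device/"  # also matches /versa/vnms/devicereg/device/

# Assumed internal ranges (RFC 1918 plus loopback); replace with your own address plan.
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Constructed key=value log format for this example; real logs will differ.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) method=(?P<method>[A-Z]+) "
    r"uri=(?P<uri>\S+) status=(?P<status>\d{3})$"
)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the parsed fields of one log line, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def is_external(ip_text: str) -> bool:
    """True when the source address is outside every configured internal network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        # An unparseable source is treated as external so it is not silently dropped.
        return True
    return not any(ip in net for net in INTERNAL_NETS)


def matches_rule(rec: Dict[str, str]) -> bool:
    """The page's SIEM query: external source AND watched port AND watched URI fragment."""
    return (
        is_external(rec["src"])
        and int(rec["dport"]) in WATCHED_PORTS
        and WATCHED_URI_FRAGMENT in rec["uri"]
    )


def find_suspicious(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed records that match the rule; unparseable lines are skipped."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None and matches_rule(rec):
            alerts.append(rec)
    return alerts


# Constructed sample log; 203.0.113.0/24 and 198.51.100.0/24 stand in for external sources.
SAMPLE_LOG = [
    "2024-09-20T10:15:02Z src=203.0.113.45 dport=9183 method=GET uri=/vnms/devicereg/device/abc123 status=200",
    "2024-09-20T10:15:03Z src=10.20.0.7 dport=9183 method=GET uri=/vnms/devicereg/device/abc123 status=200",
    "2024-09-20T10:16:11Z src=198.51.100.9 dport=443 method=GET uri=/versa/vnms/devicereg/device/xyz status=200",
    "2024-09-20T10:17:40Z src=198.51.100.9 dport=443 method=GET uri=/versa/login status=302",
    "2024-09-20T10:18:00Z src=203.0.113.45 dport=8443 method=GET uri=/vnms/devicereg/device/abc123 status=404",
    "malformed line that the parser should skip",
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['src']} -> :{hit['dport']} {hit['method']} {hit['uri']} ({hit['status']})")
```

Only the first and third sample lines trigger: the second comes from an internal address, the fourth does not touch the device-registration path, and the fifth hits a port the advisory does not name. Whether an `/ vnms/...` request on 443 or a `/versa/...` request on 9182 should alert depends on how your deployment exposes those paths; tighten the rule to the per-port prefixes from the workaround section if the broader match produces noise.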