CVE-2024-45208 | The Versa Director SD-WAN orchestration platform which makes… | CVSS 9.8 CRITICAL

Description

The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

Metadata

CVE ID: CVE-2024-45208
State: PUBLISHED
Assigner: hackerone
Reserved: 2024-08-23 01:00 UTC
Published: 2025-06-18 23:30 UTC
Last updated: 2025-06-23 16:04 UTC
Primary CWE: CWE-284
CWE-284 Improper Access Control
Vendor / Product: Versa / Director
Sources: cve.org · NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: yes
Tech. Impact: total

Affected products (1)

Vendor	Product	Platform	Versions
Versa	Director	—	21.2.2 ≤ 21.2.2, 21.2.3 ≤ 21.2.3, 22.1.1 ≤ 22.1.1, 22.1.2 ≤ 22.1.2 …

Weakness (CWE)

CWE	Source	Description
CWE-284	adp	CWE-284 Improper Access Control

CVSS scores (1)

Score	Severity	Version	Source	Vector
9.8	CRITICAL	3.1	cna	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References (7)