3 results (0.001 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-732: Incorrect Permission Assignment for Critical Resource •

CVSS: 9.8EPSS: 4%CPEs: 1EXPL: 1

21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable. • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-287: Improper Authentication •

CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 1

21 May 2025 — The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 th... • https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce • CWE-287: Improper Authentication CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •