CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24288
https://notcve.org/view.php?id=CVE-2025-24288
18 Jun 2025 — The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most with sudo access) that utilize the same default credentials. By default, Versa director exposes ssh and postgres to the internet, alongside a host of other services. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researcher... • https://security-portal.versa-networks.com/emailbulletins/68526d12dc94d6b9f2faf719 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24291
https://notcve.org/view.php?id=CVE-2025-24291
18 Jun 2025 — The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains an argument injection vulnerability. By appending additional arguments to the file name, an attacker can bypass MIME type validation, allowing the upload of arbitrary file types. This flaw can be exploited to place a malicious file on disk. Versa Networks is not aware of any reported instance where this vulnerability was exploited. • https://security-portal.versa-networks.com/emailbulletins/68526fc6dc94d6b9f2faf71d • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-45208
https://notcve.org/view.php?id=CVE-2024-45208
18 Jun 2025 — The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers... • https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Harden_Port_4566 • CWE-284: Improper Access Control •
CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23171
https://notcve.org/view.php?id=CVE-2025-23171
18 Jun 2025 — The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload permissions. The UI appears not to allow file uploads but uploads still succeed. In addition, the Versa Director discloses the full filename of uploaded temporary files, including the UUID prefix. Insecure UCPE image upload in Versa Director allows an authenticated attacker to upload a webshell. • https://security-portal.versa-networks.com/emailbulletins/68526dbbdc94d6b9f2faf71a • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23168
https://notcve.org/view.php?id=CVE-2025-23168
18 Jun 2025 — The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Director accepts untrusted user input when dispatching 2FA codes, allowing an attacker who knows a valid username and password to redirect the OTP delivery (SMS/email) to their own device. OTP/TOTP codes are not invalidated after use, enabling reuse by an attacker who has previously intercepted or obtained a valid code. In addition, the 2FA system does ... • https://security-portal.versa-networks.com/emailbulletins/68526512dc94d6b9f2faf715 • CWE-290: Authentication Bypass by Spoofing •
CVSS: 8.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23172
https://notcve.org/view.php?id=CVE-2025-23172
18 Jun 2025 — The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" and "Test Webhook" functionalities can be abused by an authenticated user to send crafted HTTP requests to localhost. This can be leveraged to execute commands on behalf of the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution. Exploitation Status: Versa Networks is not aware of any reported instan... • https://security-portal.versa-networks.com/emailbulletins/68526e7bdc94d6b9f2faf71b • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23173
https://notcve.org/view.php?id=CVE-2025-23173
18 Jun 2025 — The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify service is exposed on port 6080 and accessible from the internet. This exposure introduces significant risk, as websockify has known weaknesses that can be exploited, potentially leading to remote code execution. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has be... • https://security-portal.versa-networks.com/emailbulletins/68526ee0dc94d6b9f2faf71c • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23169
https://notcve.org/view.php?id=CVE-2025-23169
18 Jun 2025 — The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provided for these customizations is not properly validated or sanitized, allowing a malicious user to inject and store cross-site scripting (XSS) payloads. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security resear... • https://security-portal.versa-networks.com/emailbulletins/68526a08dc94d6b9f2faf716 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.7EPSS: 0%CPEs: 6EXPL: 0CVE-2025-23170
https://notcve.org/view.php?id=CVE-2025-23170
18 Jun 2025 — The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The underlying Python script, shell-connect.py, is vulnerable to command injection through the user argument. This allows an attacker to execute arbitrary commands on the system. Exploitation Status: Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by th... • https://security-portal.versa-networks.com/emailbulletins/68526bc7dc94d6b9f2faf717 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 8.3EPSS: 5%CPEs: 2EXPL: 0CVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability
https://notcve.org/view.php?id=CVE-2024-39717
22 Aug 2024 — The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin ha... • https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability • CWE-434: Unrestricted Upload of File with Dangerous Type •