CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42450
https://notcve.org/view.php?id=CVE-2024-42450
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. Exploitation Status: Versa Networks is not aware of this exploitation in any production systems. • https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3 • CWE-798: Use of Hard-coded Credentials •