CVE-2024-45208: 
Versa Director vulnerability analysis and mitigation

CVE-2024-45208 affects the Versa Director SD-WAN orchestration platform that uses Cisco NCS application service. The vulnerability exists in the communication between Active and Standby Directors over TCP ports 4566 and 4570 for High Availability (HA) information exchange using a shared password. The affected versions of Versa Director bind these ports to all interfaces, allowing potential unauthorized access (NVD).

The vulnerability centers on the exposure of TCP ports 4566 and 4570 used for HA communication between Director nodes. The CVSS v3.1 base score is 9.8 (CRITICAL) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating network accessibility, low attack complexity, and no required privileges or user interaction (HackerOne).

An attacker who can access the Versa Director could exploit the NCS service on port 4566 to perform unauthorized administrative actions and achieve remote code execution. The vulnerability affects both Active and Standby Directors in the HA setup (NVD).

Customers are recommended to follow the hardening guide which includes securing HA ports by running the secure-utils.sh script on both primary and secondary Director nodes. The script modifies iptables rules to deny access to ports 4566, 4570, and 5432 except for peer node IP addresses in the HA setup (Versa Docs).