
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2024-45229 is a vulnerability discovered in Versa Networks' Versa Director, a centralized management platform for Secure SD-WAN and SASE solutions. The vulnerability was disclosed on September 20, 2024, and affects Versa Director versions released before September 9, 2024, including versions 22.1.4, 22.1.3, 22.1.2, and the earlier versions 22.1.1, 21.2.3, and 21.2.2. The flaw lies in the REST APIs used for orchestration and management: certain APIs that by design do not require authentication can be exploited (Security Online, CISA).
The vulnerability stems from improper input validation in REST APIs that do not require authentication by design, such as the login screen, banner display, and device registration interfaces. When Versa Directors are directly connected to the Internet, attackers can exploit this vulnerability by injecting invalid arguments into a GET request. The vulnerability has been assigned a CVSS score of 6.6 (Medium), with the vector string CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H. The vulnerable endpoints are /vnms/devicereg/device/ (on ports 9182 and 9183) and /versa/vnms/devicereg/device/ (on port 443) (NVD, Security Online).
Exploiting this vulnerability can expose the authentication tokens of currently logged-in users. While the vulnerability does not directly expose usernames or passwords, the compromised tokens can be used to invoke additional APIs on port 9183, potentially leading to unauthorized access and broader compromise. The impact is particularly significant for Versa Directors that are directly connected to the Internet (Security Online).
Versa Networks released hotfixes for the affected versions on September 12, 2024. Users are strongly advised to upgrade to the patched versions: 22.1.4, 22.1.3, or 22.1.2 with hotfixes, or version 21.2.3 with hotfixes. Users on the older versions 21.2.2 and 22.1.1 should upgrade to 21.2.3 or 22.1.3 respectively. As a temporary measure, organizations can use Web Application Firewalls (WAFs) or API gateways to block access to the vulnerable API endpoints (Security Online).
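Before a WAF or API gateway rule can be written, a defender needs to know whether the two unauthenticated endpoints named above are actually being reached from outside the management network. The following audit script is an added example, not code from Versa Networks or from this database: it walks access-log lines, matches the two endpoint paths and ports quoted in the advisory, and flags requests arriving from addresses outside an assumed trusted management range. The simplified log format, the trusted network (10.20.0.0/16), the sample log lines and the unrelated path "/example/unrelated/" are all constructed for the example.

```python
"""Audit access-log lines for requests to the Versa Director device-registration
endpoints listed in the CVE-2024-45229 write-up.

Added example, not Versa Networks' code or a Wiz tool. The log format and the
trusted management network below are assumptions; adjust both for your estate.
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Endpoint paths and ports quoted in the advisory text.
VULNERABLE_PATHS = {
    "/vnms/devicereg/device/": {9182, 9183},
    "/versa/vnms/devicereg/device/": {443},
}

# Assumed: the network from which legitimate device registration originates.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/16")]

# Assumed simplified log format:
#   <src-ip> <dst-port> "<METHOD> <target> HTTP/x.y" <status>
LOG_RE = re.compile(
    r'^(?P<src>\S+) (?P<dport>\d+) "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})$'
)

# Constructed sample log; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
10.20.4.12 9183 "GET /vnms/devicereg/device/ HTTP/1.1" 200
203.0.113.45 9182 "GET /vnms/devicereg/device HTTP/1.1" 200
198.51.100.7 443 "GET /versa/vnms/devicereg/device/?ref=constructed HTTP/1.1" 400
10.20.4.12 443 "GET /example/unrelated/ HTTP/1.1" 200
not a log line
"""


def normalize_path(target: str) -> str:
    """Drop the query string and force a trailing slash so that
    '/vnms/devicereg/device' and '/vnms/devicereg/device/?x=1' compare equal."""
    path = urlsplit(target).path
    return path if path.endswith("/") else path + "/"


def vulnerable_endpoint(path: str):
    """Return the advisory path this request falls under, or None."""
    for known in VULNERABLE_PATHS:
        if path.startswith(known):
            return known
    return None


def is_trusted(src: str) -> bool:
    """True if the source address lies inside an assumed management network."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return False
    return any(addr in net for net in TRUSTED_NETS)


def classify(line: str):
    """Return None for unparseable or unrelated lines, else a finding dict."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    known = vulnerable_endpoint(normalize_path(m["target"]))
    if known is None:
        return None
    port = int(m["dport"])
    finding = {
        "src": m["src"],
        "port": port,
        "endpoint": known,
        # Was the request on one of the ports the advisory associates with this path?
        "documented_port": port in VULNERABLE_PATHS[known],
        "trusted_source": is_trusted(m["src"]),
    }
    # An unauthenticated endpoint reached from outside the management network is
    # the Internet-exposed condition the advisory warns about.
    finding["severity"] = "info" if finding["trusted_source"] else "exposed"
    return finding


def audit(log_text: str):
    """All findings for a block of log text, in log order."""
    return [f for f in (classify(line) for line in log_text.splitlines()) if f]


def exposed_sources(log_text: str):
    """Sorted, de-duplicated list of untrusted sources that reached the endpoints."""
    return sorted({f["src"] for f in audit(log_text) if f["severity"] == "exposed"})


if __name__ == "__main__":
    for f in audit(SAMPLE_LOG):
        print(f)
    print("exposed sources:", exposed_sources(SAMPLE_LOG))
```

The list returned by exposed_sources is the input for the interim mitigation described above: those are the sources a WAF or API gateway rule would need to deny on the two endpoint paths until the hotfix is applied. Requests flagged "info" still deserve a look, since a token disclosed to an internal host is only as safe as that host.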
Source: This report was generated using AI