{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-45229", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "state": "PUBLISHED", "assignerShortName": "hackerone", "dateReserved": "2024-08-24T01:00:01.733Z", "datePublished": "2024-09-20T18:09:30.570Z", "dateUpdated": "2024-09-20T18:53:08.178Z"}, "containers": {"cna": {"descriptions": [{"lang": "en", "value": "The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. \r\n\r\nCurrently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API. /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance."}], "affected": [{"defaultStatus": "unaffected", "vendor": "Versa", "product": "Director", "versions": [{"version": "22.1.4 20240909", "status": "affected", "lessThan": "22.1.4 20240909", "versionType": "custom"}, {"version": "22.1.3 20240909", "status": "affected", "lessThan": "22.1.3 20240909", "versionType": "custom"}, {"version": "22.1.2 20240909", "status": "affected", "lessThan": "22.1.2 20240909", "versionType": "custom"}, {"version": "22.1.1 20240909", "status": "affected", "lessThan": "22.1.1 20240909", "versionType": "custom"}, {"version": "21.2.3 20240909", "status": "affected", "lessThan": "21.2.3 20240909", "versionType": "custom"}, {"version": "21.2.2 20240909", "status": "affected", "lessThan": "21.2.2 20240909", "versionType": "custom"}]}], "references": [{"url": "https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9"}], "metrics": [{"cvssV3_0": {"version": "3.0", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.6, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-09-20T18:09:30.570Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-306", "lang": "en", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "affected": [{"vendor": "versa", "product": "director", "cpes": ["cpe:2.3:a:versa:director:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "22.1.4", "status": "affected"}, {"version": "22.1.3", "status": "affected"}, {"version": "22.1.2", "status": "affected"}, {"version": "22.1.1", "status": "affected"}, {"version": "21.2.3", "status": "affected"}, {"version": "21.2.2", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-20T18:45:34.826535Z", "id": "CVE-2024-45229", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T18:53:08.178Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-45229", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-20T18:45:34.826535Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:versa:director:*:*:*:*:*:*:*:*"], "vendor": "versa", "product": "director", "versions": [{"status": "affected", "version": "22.1.4"}, {"status": "affected", "version": "22.1.3"}, {"status": "affected", "version": "22.1.2"}, {"status": "affected", "version": "22.1.1"}, {"status": "affected", "version": "21.2.3"}, {"status": "affected", "version": "21.2.2"}], "defaultStatus": "unknown"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-306", "description": "CWE-306 Missing Authentication for Critical Function"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-20T18:52:56.620Z"}}], "cna": {"metrics": [{"cvssV3_0": {"version": "3.0", "baseScore": 6.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Versa", "product": "Director", "versions": [{"status": "affected", "version": "22.1.4 20240909", "lessThan": "22.1.4 20240909", "versionType": "custom"}, {"status": "affected", "version": "22.1.3 20240909", "lessThan": "22.1.3 20240909", "versionType": "custom"}, {"status": "affected", "version": "22.1.2 20240909", "lessThan": "22.1.2 20240909", "versionType": "custom"}, {"status": "affected", "version": "22.1.1 20240909", "lessThan": "22.1.1 20240909", "versionType": "custom"}, {"status": "affected", "version": "21.2.3 20240909", "lessThan": "21.2.3 20240909", "versionType": "custom"}, {"status": "affected", "version": "21.2.2 20240909", "lessThan": "21.2.2 20240909", "versionType": "custom"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9"}], "descriptions": [{"lang": "en", "value": "The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. \r\n\r\nCurrently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API. /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance."}], "providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2024-09-20T18:09:30.570Z"}}}, "cveMetadata": {"cveId": "CVE-2024-45229", "state": "PUBLISHED", "dateUpdated": "2024-09-20T18:53:08.178Z", "dateReserved": "2024-08-24T01:00:01.733Z", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "datePublished": "2024-09-20T18:09:30.570Z", "assignerShortName": "hackerone"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. \r\n\r\nCurrently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API. /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance."}, {"lang": "es", "value": "Versa Director ofrece API REST para orquestaci\u00f3n y administraci\u00f3n. Por dise\u00f1o, ciertas API, como la pantalla de inicio de sesi\u00f3n, la visualizaci\u00f3n de banners y el registro de dispositivos, no requieren autenticaci\u00f3n. Sin embargo, se descubri\u00f3 que para los Directors conectados directamente a Internet, una de estas API se puede explotar inyectando argumentos no v\u00e1lidos en una solicitud GET, lo que potencialmente expone los tokens de autenticaci\u00f3n de otros usuarios que hayan iniciado sesi\u00f3n en ese momento. Estos tokens se pueden usar para invocar API adicionales en el puerto 9183. Este exploit no revela ninguna informaci\u00f3n de nombre de usuario o contrase\u00f1a. Actualmente, no hay workarounds en Versa Director. Sin embargo, si hay un firewall de aplicaciones web (WAF) o una puerta de enlace de API frente a Versa Director, se puede usar para bloquear el acceso a las URL de API vulnerables. /vnms/devicereg/device/* (en los puertos 9182 y 9183) y /versa/vnms/devicereg/device/* (en el puerto 443). Versa recomienda que los Directors se actualicen a una de las versiones de software corregidas. Esta vulnerabilidad no se puede explotar en los Directors de Versa que no est\u00e9n expuestos a Internet. Hemos comprobado que ninguna de las cabeceras alojadas en Versa se ha visto afectada por esta vulnerabilidad. P\u00f3ngase en contacto con el equipo de asistencia t\u00e9cnica de Versa o con el equipo de cuentas de Versa para obtener m\u00e1s ayuda."}], "id": "CVE-2024-45229", "lastModified": "2024-09-26T13:32:55.343", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 0.7, "impactScore": 5.9, "source": "support@hackerone.com", "type": "Secondary"}]}, "published": "2024-09-20T19:15:16.080", "references": [{"source": "support@hackerone.com", "url": "https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-306"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}