The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. 
Currently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API.  /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance.
                
            Metrics
Affected Vendors & Products
References
        History
                    Fri, 20 Sep 2024 19:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| First Time appeared | Versa Versa director | |
| Weaknesses | CWE-306 | |
| CPEs | cpe:2.3:a:versa:director:*:*:*:*:*:*:*:* | |
| Vendors & Products | Versa Versa director | |
| Metrics | ssvc 
 | 
Fri, 20 Sep 2024 18:30:00 +0000
| Type | Values Removed | Values Added | 
|---|---|---|
| Description | The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. Currently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API. /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance. | |
| References |  | |
| Metrics | cvssV3_0 
 | 
 MITRE
                        MITRE
                    Status: PUBLISHED
Assigner: hackerone
Published: 2024-09-20T18:09:30.570Z
Updated: 2024-09-20T18:53:08.178Z
Reserved: 2024-08-24T01:00:01.733Z
Link: CVE-2024-45229
 Vulnrichment
                        Vulnrichment
                    Updated: 2024-09-20T18:52:56.620Z
 NVD
                        NVD
                    Status : Awaiting Analysis
Published: 2024-09-20T19:15:16.080
Modified: 2024-09-26T13:32:55.343
Link: CVE-2024-45229
 Redhat
                        Redhat
                    No data.