14 matches found
Versa Networks Versa Director multiple vulnerabilities
RISK EVALUATION Versa Networks Versa Director contains a variety of vulnerabilities. In the most severe cases, a remote, unauthenticated attacker could execute arbitrary code with administrative privileges. 2. RECOMMENDED PRACTICES Upgrade to fixed versions of Versa Director. See...
CVE-2025-23170
CVE-2025-23170 affects Versa Director SD-WAN. The flaw resides in the Shell-In-A-Box integration via the Python script shell-connect.py, which accepts a user argument vulnerable to command injection. A successful exploitation would allow an attacker to execute arbitrary commands on the Versa Dire...
CVE-2025-23169
CVE-2025-23169 affects the Versa Director SD-WAN orchestration platform. The vulnerability stems from unvalidated or unsanitized input used for UI customization (header, footer, logo), enabling a malicious user to inject and store cross-site scripting (XSS) payloads. Exploitation status across so...
Versa Networks Versa Director insecure default PostgreSQL configuration
RISK EVALUATION Versa Networks Versa Director, by default, configures PostgreSQL to listen on all network interfaces using database credentials shared by multiple installations. From Advising Vulnerability In Versa Director: "This combination allows an unauthenticated attacker to access and...
Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT Sectors
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet...
Versa Networks Versa Director security vulnerability
Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director that stems from an unencrypted backup file containing...
Versa Networks Versa Director authorization issue vulnerability
Versa Networks Versa Director is a virtualization and service creation platform from Versa Networks, USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. Versa Director suffers from an authorization issue vulnerability that originates from an unauthenticated...
Versa Networks: Versa Director is susceptible to Command Injection attacks (e.g., SQL, LDAP, XML, Xpath)
In Versa Director, command injection is an attack in which the goal is execution of arbitrary commands on the host operating system via a vulnerable application. Command injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a...
Versa Networks: Passwords Stored Insecurely
In Versa Director, Versa Analytics and VOS, passwords are not hashed using an adaptive cryptographic hash function or key derivation function prior to storage. Popular hashing algorithms based on the Merkle-Damgård construction such as MD5 and SHA-1 alone are insufficient in thwarting password...
Versa Networks: Plaintext Credentials in Backups & Configs
In Versa Director, the unencrypted backup files stored on the Versa deployment contain credentials stored within configuration files. These credentials are for various application components such as SNMP, and SSL and Trust keystores...
Versa Networks: Unapproved SSH Encryption Enabled
In VOS compromised, an attacker at network endpoints can possibly view communications between an unsuspecting user and the service using man-in-the-middle attacks. Usage of unapproved SSH encryption protocols or cipher suites also violates the Data Protection TSR (Technical Security Requirements)...
Versa Networks: Privilege Escalation Using Cron Jobs
In Versa Analytics, cron jobs are used for scheduling tasks by executing commands at specific dates and times on the server. If the job is run as the user root, there is a potential privilege escalation vulnerability. In this case, the job runs a script as root that is writable by users who a...
Versa Networks: Possible to change log level without authentication
In Versa Director, the unauthenticated request found...
Versa Networks: Insecure File Creation Mask
In VOS, an overly permissive "umask" may allow for authorized users of the server to gain unauthorized access through insecure file permissions that can result in an arbitrary read, write, or execution of newly created files and directories. An insecure umask setting was present throughout the Versa...