216.73.217.22

CVE-2024-45208

· Published 19/06/2025 00:15 · Modified 19/06/2025 00:15

Labels: CVE-2024-45208 2025-06-19CVE-2024-45208[email protected]

Essential information

Published
19/06/2025 00:15
Modified
19/06/2025 00:15
Author
Creator
CVSS
9.8 CRITICAL (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
versa networks / versa director cpe:2.3:a:versa_networks:versa_director:*:*:*:*:*:*:*:*
cisco / ncs cpe:2.3:a:cisco:ncs:*:*:*:*:*:*:*:*

References