Reference: Advisory #2024-226
Version: 1.0
Affected software:
Versa Director 21.2.3
Versa Director 22.1.2
Versa Director 22.1.3
Versa Director 22.1.4
Type: Missing Authentication for Critical Function
CVE/CVSS: CVE-2024-45229
CVSS 6.6 (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
Attackers can obtain the authentication tokens of currently logged-in users without needing valid credentials. A stolen token can then be used to invoke additional APIs on port 9183, potentially giving unauthorized access to critical functions or sensitive information. It would also be possible to perform actions on behalf of legitimate users, leading to unauthorized changes or data breaches.
Versa Director, which offers REST APIs for orchestration and management, has a vulnerability in one of its unauthenticated APIs. On Directors directly connected to the Internet, this API can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users.
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for vulnerable devices with the highest priority, after thorough testing.
Patches are available. Users should upgrade to:
Versions | Affected | Fixed
22.1.4 | 22.1.4 images released before September 9, 2024 | 22.1.4 September 12, 2024 Hot Fix and later
22.1.3 | 22.1.3 images released before September 9, 2024 | 22.1.3 September 12, 2024 Hot Fix and later
22.1.2 | 22.1.2 images released before September 9, 2024 | 22.1.2 September 12, 2024 Hot Fix and later
22.1.1 | All | Please upgrade to 22.1.3 latest version
21.2.3 | 21.2.3 images released before September 9, 2024 | 21.2.3 September 12, 2024 Hot Fix and later
21.2.2 | All | Please upgrade to 21.2.3 latest version
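The table above reduces to a small set of rules (branch, image release date, hot fix date, upgrade target). The following script is an added example, not CCB or Versa code, that applies those rules to an appliance inventory so a patch manager can see which Directors still need the September 12, 2024 Hot Fix or an upgrade. The inventory fields (host, version string, image release date, Internet-facing flag) are assumptions about how an organization records its appliances; it also flags images dated between September 9 and 11, 2024, which the table does not cover, so they can be verified with the vendor rather than silently treated as fixed.

```python
"""Patch-status triage for Versa Director against CCB Advisory #2024-226
(CVE-2024-45229). Added example; inventory format is assumed."""
from dataclasses import dataclass
from datetime import date

# Branches that received a September 12, 2024 Hot Fix (from the advisory table).
HOTFIX_BRANCHES = {"22.1.4", "22.1.3", "22.1.2", "21.2.3"}
# Images released before this date are affected (advisory table).
AFFECTED_BEFORE = date(2024, 9, 9)
# Hot Fix release date; images from this date on are fixed (advisory table).
HOTFIX_DATE = date(2024, 9, 12)
# Branches with no Hot Fix: every image is affected, upgrade to the listed branch.
UPGRADE_TARGET = {"22.1.1": "22.1.3", "21.2.2": "21.2.3"}


@dataclass
class Director:
    host: str               # assumed inventory field
    version: str            # branch string as in the table, e.g. "22.1.3"
    image_date: date        # release date of the installed image (assumed field)
    internet_facing: bool   # advisory: exposure is for Internet-connected Directors


def assess(d: Director) -> dict:
    """Return status ('fixed', 'affected', 'verify', 'unknown'), action and priority."""
    if d.version in HOTFIX_BRANCHES:
        if d.image_date >= HOTFIX_DATE:
            status, action = "fixed", "none"
        elif d.image_date < AFFECTED_BEFORE:
            status = "affected"
            action = f"install {d.version} September 12, 2024 Hot Fix or later"
        else:
            # Sept 9-11, 2024: not described by the table, so do not assume fixed.
            status = "verify"
            action = "image date not covered by advisory table; confirm with vendor"
    elif d.version in UPGRADE_TARGET:
        status = "affected"
        action = f"upgrade to latest {UPGRADE_TARGET[d.version]}"
    else:
        status, action = "unknown", "version not listed in advisory; confirm with vendor"

    # The advisory asks for highest priority; Internet-facing Directors carry the
    # exploitation precondition described in the advisory, so rank them first.
    if status == "fixed":
        priority = "none"
    elif d.internet_facing:
        priority = "highest"
    else:
        priority = "high"
    return {"host": d.host, "status": status, "action": action, "priority": priority}


def triage(inventory: list) -> list:
    """Assess every Director and list the ones needing work, highest priority first."""
    order = {"highest": 0, "high": 1, "none": 2}
    results = [assess(d) for d in inventory]
    todo = [r for r in results if r["status"] != "fixed"]
    return sorted(todo, key=lambda r: order[r["priority"]])


if __name__ == "__main__":
    # Constructed sample inventory.
    sample = [
        Director("dir-a", "22.1.3", date(2024, 8, 20), True),
        Director("dir-b", "22.1.3", date(2024, 9, 12), True),
        Director("dir-c", "21.2.2", date(2024, 5, 1), False),
        Director("dir-d", "22.1.4", date(2024, 9, 10), False),
    ]
    for r in triage(sample):
        print(f"{r['host']}: {r['status']} ({r['priority']}) -> {r['action']}")
```

Hosts that report "verify" should not be closed out until the vendor confirms the installed image contains the Hot Fix.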
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
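The advisory places the exposed API on port 9183 and ties exploitation to Directors reachable from the Internet, which gives a concrete starting point for the monitoring recommended here: requests to that port from addresses outside the management network are the ones worth reviewing. The script below is an added example, not CCB or Versa code; the key=value log format, the placeholder path, the sample records and the management allowlist are all constructed assumptions, since real appliance or reverse-proxy logs will differ in layout.

```python
"""Triage access-log records for requests to the Versa Director API on TCP 9183
(CCB Advisory #2024-226). Added example; log format and allowlist are assumed."""
import ipaddress
import re
from collections import Counter

# Networks expected to reach the Director management/API ports (assumed value).
MGMT_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]

# Constructed sample log in a simple key=value layout; /placeholder/api is not a
# real endpoint and the addresses come from documentation ranges.
SAMPLE_LOG = """\
ts=2024-09-13T08:02:11Z src=10.20.4.7 dport=9183 method=GET path=/placeholder/api status=200
ts=2024-09-13T08:03:40Z src=203.0.113.9 dport=9183 method=GET path=/placeholder/api?x=1 status=200
ts=2024-09-13T08:03:41Z src=203.0.113.9 dport=9183 method=GET path=/placeholder/api?x=%27%22 status=500
ts=2024-09-13T08:05:02Z src=10.20.4.7 dport=443 method=GET path=/ status=200
ts=2024-09-13T08:06:15Z src=198.51.100.4 dport=9183 method=GET path=/placeholder/api status=401
"""

RECORD_RE = re.compile(
    r"ts=(?P<ts>\S+) src=(?P<src>\S+) dport=(?P<dport>\d+) "
    r"method=(?P<method>\S+) path=(?P<path>\S+) status=(?P<status>\d+)"
)


def parse(log_text: str):
    """Yield one dict per well-formed record; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_management(src: str) -> bool:
    """True when the source address lies inside an allowlisted management network."""
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return False  # unparsable source: treat as not trusted
    return any(ip in net for net in MGMT_NETWORKS)


def triage(log_text: str) -> list:
    """Return records that reached port 9183 from outside the management allowlist.

    Each finding notes whether the GET carried a query string, because the
    advisory describes the issue being triggered through GET request arguments;
    that is context for the analyst, not a verdict on its own.
    """
    findings = []
    for rec in parse(log_text):
        if rec["dport"] != "9183" or is_management(rec["src"]):
            continue
        findings.append({
            "ts": rec["ts"],
            "src": rec["src"],
            "path": rec["path"],
            "status": rec["status"],
            "has_query": "?" in rec["path"],
        })
    return findings


def by_source(findings: list) -> dict:
    """Count findings per source address for a quick review order."""
    return dict(Counter(f["src"] for f in findings))


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f['ts']} {f['src']} {f['path']} status={f['status']} query={f['has_query']}")
    print(by_source(hits))
```

The allowlist check is the load-bearing part: a Director whose port 9183 is only reachable from the management network produces no findings, which is the exposure state the advisory's precondition rules out.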
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/cert/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.