Versa Director
12 CVEs affecting Versa Director. Latest disclosed: 2025-06-18. Critical: 3, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-42450 | Critical | 10.0 | 2024-11-19 | The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Direct… |
CVE-2025-24288 | Critical | 9.8 | 2025-06-18 | The Versa Director software exposes a number of services by default and allow attackers an easy foothold due to default credentials and multiple accounts (most… |
CVE-2024-45208 | Critical | 9.8 | 2025-06-18 | The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566… |
CVE-2025-23173 | High | 7.5 | 2025-06-18 | The Versa Director SD-WAN orchestration platform provides direct web-based access to uCPE virtual machines through the Director GUI. By default, the websockify… |
CVE-2025-23171 | High | 7.2 | 2025-06-18 | The Versa Director SD-WAN orchestration platform provides an option to upload various types of files. The Versa Director does not correctly limit file upload p… |
CVE-2025-23172 | High | 7.2 | 2025-06-18 | The Versa Director SD-WAN orchestration platform includes a Webhook feature for sending notifications to external HTTP endpoints. However, the "Add Webhook" an… |
CVE-2025-23170 | Medium | 6.7 | 2025-06-18 | The Versa Director SD-WAN orchestration platform includes functionality to initiate SSH sessions to remote CPEs and the Director shell via Shell-In-A-Box. The… |
CVE-2024-45229 | Medium | 6.6 | 2024-09-20 | The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registratio… |
CVE-2024-39717 | Medium | 6.6 | 2024-08-22 | The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-D… |
CVE-2025-23168 | Medium | 6.3 | 2025-06-18 | The Versa Director SD-WAN orchestration platform implements Two-Factor Authentication (2FA) using One-Time Passcodes (OTP) delivered via email or SMS. Versa Di… |
CVE-2025-24291 | Medium | 6.1 | 2025-06-18 | The Versa Director SD-WAN orchestration platform provides functionality to upload various types of files. However, the Java code handling file uploads contains… |
CVE-2025-23169 | Medium | 6.1 | 2025-06-18 | The Versa Director SD-WAN orchestration platform allows customization of the user interface, including the header, footer, and logo. However, the input provide… |