"Versa Networks Patches Vulnerability Exposing Authentication Tokens"
Versa Networks recently announced patches for a vulnerability in the virtualization and service creation platform Versa Director, warning that proof-of-concept (PoC) code exists. The vulnerability, tracked as CVE-2024-45229 (CVSS score of 6.6), is related to the REST API in Versa Director used for orchestration and management and could lead to the exposure of authentication tokens. Versa said that the vulnerability cannot be used to expose usernames and passwords and that if the Versa Director is deployed behind a firewall or API gateway, the security solution "can be used to block access to the URLs of vulnerable API." Versa noted that this vulnerability is not exploitable on Versa Directors that are not exposed to the internet. Versa has released hotfixes for Director versions 22.1.4, 22.1.3, 22.1.2, and 21.2.3 and recommends that all users update to the latest releases as soon as possible. Those using Director versions 22.1.1 and 21.2.2 should upgrade to the patched 22.1.3 and 21.2.3 iterations, respectively.
SecurityWeek reports: "Versa Networks Patches Vulnerability Exposing Authentication Tokens"