Vulnerability in Versa Director

Vulnerability

September 23, 2024

Versa Networks has released an advisory for a vulnerability (CVE-2024-45229) affecting Versa Director. This vulnerability could be exploited by a cyber threat actor to exercise unauthorized REST APIs used for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information.

CISA urges organizations to apply necessary updates, hunt for any malicious activity, report any positive findings to CISA, and review the Versa Advisory for more information.
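The advisory's attack chain (a leaked token of a logged-in user, then reused against the management APIs on port 9183) gives a defender two generic hunt signals: the same session token presented from more than one source address, and authenticated calls to the management API port from outside the networks that should reach it. The script below is an added example for this page, not Versa's code or log format; the log lines, paths and tokens are constructed placeholders, and the trusted management network (10.0.0.0/8) is an assumption to be replaced with your own ranges.

```python
import ipaddress
from collections import defaultdict
from dataclasses import dataclass

# Assumption: networks from which management API access is expected.
# Replace with your own ranges; this is not a Versa default.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
MGMT_API_PORT = 9183  # port named in the advisory

# Constructed sample log; NOT Versa Director's real log format.
# Fields: timestamp src_ip dst_port method path token ("-" = no token sent)
SAMPLE_LOG = """\
2024-09-20T10:00:01Z 10.1.1.5 443 POST /api/login -
2024-09-20T10:00:02Z 10.1.1.5 9183 GET /api/devices tok_A1
2024-09-20T10:03:10Z 198.51.100.7 443 GET /api/banner?x=%00 -
2024-09-20T10:03:12Z 198.51.100.7 9183 GET /api/devices tok_A1
2024-09-20T10:05:00Z 10.1.1.9 9183 GET /api/orgs tok_B2
"""


@dataclass
class Entry:
    ts: str
    src_ip: str
    dst_port: int
    method: str
    path: str
    token: str


def parse_log(text):
    """Parse the constructed whitespace-separated format into Entry records."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 6:
            continue  # skip malformed lines instead of aborting the hunt
        ts, ip, port, method, path, token = parts
        entries.append(Entry(ts, ip, int(port), method, path, token))
    return entries


def find_token_reuse(text):
    """Tokens presented from more than one source IP: a stolen-token signal.

    Returns {token: [ips in first-seen order]} for every token seen from
    two or more addresses.
    """
    seen = defaultdict(list)
    for e in parse_log(text):
        if e.token != "-" and e.src_ip not in seen[e.token]:
            seen[e.token].append(e.src_ip)
    return {tok: ips for tok, ips in seen.items() if len(ips) > 1}


def find_untrusted_api_calls(text, port=MGMT_API_PORT):
    """Authenticated calls to the management API port from outside TRUSTED_NETS."""
    hits = []
    for e in parse_log(text):
        addr = ipaddress.ip_address(e.src_ip)
        trusted = any(addr in net for net in TRUSTED_NETS)
        if e.dst_port == port and e.token != "-" and not trusted:
            hits.append((e.ts, e.src_ip, e.token, e.path))
    return hits


if __name__ == "__main__":
    for tok, ips in find_token_reuse(SAMPLE_LOG).items():
        print(f"token {tok} used from multiple sources: {ips}")
    for ts, ip, tok, path in find_untrusted_api_calls(SAMPLE_LOG):
        print(f"{ts} untrusted {ip} called {path} on {MGMT_API_PORT} with {tok}")
```

Both checks are coarse on purpose: a token legitimately used from two addresses (an operator switching networks) will also fire, so treat hits as leads to correlate with the unauthenticated GET requests that precede them, not as verdicts.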