{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T02:57:41.659","vulnerabilities":[{"cve":{"id":"CVE-2024-42450","sourceIdentifier":"support@hackerone.com","published":"2024-11-19T18:15:20.560","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. \n\nExploitation Status:\nVersa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.\n\nWorkarounds or Mitigation:\nStarting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports  \n\nThis vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. \n\nPlease contact Versa Technical Support or Versa account team for any further assistance.\n\nSoftware Download Links:\n22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"},{"lang":"es","value":"Versa Director utiliza PostgreSQL (Postgres) para almacenar datos operativos y de configuración. También es necesario para la función de alta disponibilidad de Versa Director. La configuración predeterminada tiene una contraseña común en todas las instancias de Versa Director. De forma predeterminada, Versa Director configura Postgres para escuchar en todas las interfaces de red. Esta combinación permite que un atacante no autenticado acceda y administre la base de datos o lea el contenido del sistema de archivos local para aumentar los privilegios en el sistema. Estado de explotación: Versa Networks no tiene conocimiento de esta explotación en ningún sistema de producción. Existe una prueba de concepto en el entorno de laboratorio. Soluciones alternativas o mitigación: a partir de la última versión 22.1.4 de Versa Director, el software restringirá automáticamente el acceso a los puertos Postgres y HA solo a los Versa Directors locales y de pares. Para versiones anteriores, Versa recomienda realizar un fortalecimiento manual de los puertos HA. Consulte el siguiente enlace para conocer los pasos https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports Esta vulnerabilidad no se puede explotar en Versa Directors si se implementan las pautas de firewall publicadas. Hemos validado que ninguna de las cabeceras alojadas en Versa se haya visto afectada por esta vulnerabilidad. Todas las cabeceras alojadas en Versa están parcheadas y reforzadas. Comuníquese con el soporte técnico de Versa o con el equipo de cuentas de Versa para obtener más ayuda. Enlaces de descarga de software: 22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4"}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV30":[{"source":"support@hackerone.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}]},"weaknesses":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-798"}]}],"references":[{"url":"https://security-portal.versa-networks.com/emailbulletins/6735a300415abb89e9a8a9d3","source":"support@hackerone.com"}]}}]}