Описание
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system.
Exploitation Status: Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment.
Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-
EPSS
10 Critical
CVSS3
10 Critical
CVSS3
Дефекты
Связанные уязвимости
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. Exploitation Status: Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment. Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.ver...
Уязвимость программной платформы управления сетевой инфраструктуры Versa Director, связанная с использованием предустановленных учетных данных при конфигурации с PostgreSQL, позволяющая нарушителю получить доступ к конфиденциальным данным, повысить свои привилегии и потенциально выполнить произвольный код
EPSS
10 Critical
CVSS3
10 Critical
CVSS3