Описание
The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
EPSS
Дефекты
Связанные уязвимости
The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
Уязвимость платформы для автоматизации и оркестровки процессов SD-WAN Versa Concerto, связанная с неправильным присвоением разрешений для критичного ресурса при проверке запроса на подпись сертификата, позволяющая нарушителю выполнить произвольный код и повысить свои привилегии
EPSS