Versa Director Flaw Could Lead To API Attacks, Token Theft - #CVE-2024-45229
A significant security vulnerability, CVE-2024-45229, has been identified in Versa Networks' Versa Director product, potentially exposing enterprise networks to unauthorized access through the exploitation of its REST APIs. The flaw, which affects software versions released before September 9, 2024, has a CVSS score of 6.6 and arises from improper input validation, allowing attackers to inject invalid arguments into GET requests. Versa Networks has released hotfixes to address the issue and urges users to upgrade to the patched versions immediately. Both Versa Networks and the Cybersecurity and Infrastructure Security Agency (CISA) recommend implementing additional security measures such as network segmentation, using web application firewalls, and actively monitoring for signs of malicious activity. Although a proof-of-concept exists, no live exploitation has been reported; organizations are nonetheless advised to take proactive steps to mitigate potential risks.