Remote Code Execution Vulnerability in Versa Director SD-WAN by Versa Networks
CVE-2024-45208

9.8CRITICAL

Key Information:

Vendor: Versa
Status: Director
Vendor: CVE Published:; 19 June 2025

What is CVE-2024-45208?

A vulnerability exists in the Versa Director SD-WAN orchestration platform, which utilizes the Cisco NCS application service. The platform's Active and Standby Directors use TCP ports 4566 and 4570 to exchange High Availability (HA) information protected by a shared password. Attackers with access to the Versa Director could reach the NCS service on port 4566, enabling unauthorized administrative actions and potential remote code execution. Although no known exploits have been identified, it is crucial for users to adhere to the provided hardening guides to mitigate risks.

Affected Version(s)

Director 21.2.2

Director 21.2.3

Director 22.1.1

References

https://security-portal.versa-networks.com/emailbulletins...

https://support.versa-networks.com/support/solutions/arti...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 19, 2025

JSON