Versa Director SD-WAN Two-Factor Authentication Vulnerability Allowing OTP Redirection and Reuse

Vulnerability

A vulnerability in the Versa Director SD-WAN orchestration platform's Two-Factor Authentication (2FA) implementation allows One-Time Passcodes (OTP) to be redirected and reused. The 2FA system, which relies on OTPs delivered via email or SMS, accepts untrusted user input when sending codes, so an attacker who already holds a valid username and password can redirect OTP delivery to a device they control. Additionally, OTPs are not invalidated after use, so a code that was intercepted once can be replayed. The 2FA system also lacks proper restrictions on the number and frequency of login attempts, and the OTP values are generated from a small keyspace, making brute-force attacks more feasible.
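As an added example (not Versa's code or any part of the affected product), the following Python sketch shows the server-side controls that close each weakness listed above: the delivery address is bound to the account record instead of being taken from the request, codes are drawn from a large keyspace, each code is consumed on first successful use, and attempts per challenge are capped. The account store, code length, TTL and attempt limit are constructed values for illustration.

```python
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed sample account store. The OTP delivery address lives here,
# server-side, and is never read from the login request.
ACCOUNTS = {"alice": {"otp_contact": "alice@example.net"}}

OTP_DIGITS = 8          # 10^8 possible codes rather than a small keyspace
OTP_TTL_SECONDS = 120   # challenge lifetime
MAX_ATTEMPTS = 5        # wrong guesses allowed per challenge

# One pending challenge per username: code, expiry, attempt counter.
_pending: Dict[str, dict] = {}


def issue_otp(username: str, requested_contact: Optional[str] = None) -> Tuple[str, str]:
    """Create a fresh OTP challenge and return (delivery_address, code).

    `requested_contact` is deliberately ignored: the address comes from the
    account record, which is what prevents redirection. The code is returned
    only so this example can be checked; a real service hands it to the
    mail/SMS sender and never returns it to the caller.
    """
    account = ACCOUNTS[username]
    code = "".join(secrets.choice("0123456789") for _ in range(OTP_DIGITS))
    _pending[username] = {"code": code,
                          "expires": time.time() + OTP_TTL_SECONDS,
                          "attempts": 0}
    return account["otp_contact"], code


def verify_otp(username: str, submitted: str) -> bool:
    """Check a submitted code. Every check burns one attempt; success consumes
    the challenge so the same code cannot be replayed."""
    challenge = _pending.get(username)
    if challenge is None:
        return False
    if time.time() > challenge["expires"] or challenge["attempts"] >= MAX_ATTEMPTS:
        _pending.pop(username, None)  # expired or locked out: a new challenge is required
        return False
    challenge["attempts"] += 1
    if secrets.compare_digest(challenge["code"], submitted):
        _pending.pop(username, None)  # single use: invalidate on success
        return True
    return False
```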

Impact

Exploitation of this vulnerability could lead to unauthorized access by allowing an attacker to intercept and reuse OTPs, bypassing the 2FA protection.

Remediation

Users are advised to upgrade to Versa Director version 22.1.4 (released February 8, 2025), 22.1.3 (available June 10, 2025), 22.1.2 (also available June 10, 2025), or 21.2.3 (available June 10, 2025).

Added: Jun 19, 2025, 12:33 AM
Updated: Jun 19, 2025, 12:33 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 5.0
exploitability: 4.9
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.