Primary

Context

Versa Networks Director SD-WAN Privilege Escalation and Remote Code Execution Vulnerability

Vulnerability

Patched

A vulnerability in the Versa Director SD-WAN orchestration platform's Webhook feature allows authenticated users to send crafted HTTP requests to localhost. This exploitation can execute commands as the versa user, who has sudo privileges, potentially leading to privilege escalation or remote code execution. The vulnerability affects Versa Director versions 22.1.4 (prior to February 8, 2025), 22.1.3 (all), 22.1.2 (all), 22.1.1 (all), 21.2.3 (all), and 21.2.2 (all).

Impact

Exploitation of this vulnerability could result in unauthorized privilege escalation or remote code execution on the affected system.

Remediation

Users are advised to upgrade to Versa Director versions 22.1.4 (February 8, 2025 and later), 22.1.3 (June 10, 2025 and later), 22.1.2 (June 10, 2025 and later), or 21.2.3 (June 10, 2025 and later).

Added: Jun 19, 2025, 12:25 AM

Updated: Jun 19, 2025, 12:25 AM

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.8

impact

10.0

exploitability

4.9

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Versa Networks Director SD-WAN Privilege Escalation and Remote Code Execution Vulnerability

Vulnerability

Impact

Remediation

Affected Products

Versa Director

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating