Versa Networks Director SD-WAN Argument Injection Vulnerability Allowing Arbitrary File Upload

Vulnerability

An argument injection vulnerability has been identified in the Versa Director SD-WAN orchestration platform, specifically in version 22.1.4 images released prior to February 8, 2025, as well as in all versions of 22.1.3, 22.1.2, 21.2.3, and 21.2.2. This vulnerability arises in the Java code responsible for handling file uploads, where attackers can append additional arguments to the file name. This manipulation bypasses MIME type validation, enabling the upload of arbitrary file types. Exploitation of this flaw allows malicious files to be placed on disk.
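A defensive example of the upload check this class of flaw defeats, added here and not taken from Versa Director's code. The advisory does not describe the validator's internals, so this assumes the weakness is that the client-supplied file name influences the MIME decision; `UploadGuard` and every name in it are hypothetical, and the sample inputs are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.regex.Pattern;

// Hypothetical upload guard (illustrative names; not Versa Director code).
public class UploadGuard {
    // Allowlist: the name must start with a letter or digit, so it can never
    // begin with '-' or contain whitespace, quotes or path separators.
    private static final Pattern SAFE_NAME =
        Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}");

    // The type is decided from leading content bytes only, never from the name.
    private static final Map<String, byte[]> MAGIC = Map.of(
        "image/png", new byte[] {(byte) 0x89, 'P', 'N', 'G'},
        "application/pdf", "%PDF-".getBytes(StandardCharsets.US_ASCII));

    static String sniffType(byte[] content) {
        for (Map.Entry<String, byte[]> e : MAGIC.entrySet()) {
            byte[] m = e.getValue();
            if (content.length >= m.length
                    && Arrays.equals(content, 0, m.length, m, 0, m.length)) {
                return e.getKey();
            }
        }
        return null; // unknown content: the caller refuses the upload
    }

    // Returns the server-generated storage name, or null if the upload is refused.
    static String accept(String clientName, byte[] content, Set<String> allowedTypes) {
        if (clientName == null || !SAFE_NAME.matcher(clientName).matches()) return null;
        String type = sniffType(content);
        if (type == null || !allowedTypes.contains(type)) return null;
        // The client name is metadata only; the on-disk name is generated here.
        return UUID.randomUUID() + (type.equals("image/png") ? ".png" : ".pdf");
    }

    public static void main(String[] args) {
        byte[] pdf = "%PDF-1.7 constructed sample".getBytes(StandardCharsets.US_ASCII);
        byte[] script = "#!/bin/sh constructed sample".getBytes(StandardCharsets.US_ASCII);
        Set<String> allowed = Set.of("application/pdf", "image/png");
        // Constructed inputs: a plain name, a name carrying an appended
        // argument, and a plain name whose content is not an allowed type.
        System.out.println(accept("report.pdf", pdf, allowed) != null);
        System.out.println(accept("report.pdf -x value", pdf, allowed) != null);
        System.out.println(accept("report.pdf", script, allowed) != null);
    }
}
```

If a validator must hand a file to an external tool, passing the server-generated path as a discrete argument (for example via `ProcessBuilder` with an argument list) keeps client-controlled text out of the command line entirely.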

Impact

Successful exploitation of this vulnerability could lead to the upload of malicious files, which could be executed or otherwise used to compromise the system.

Remediation

Users are advised to upgrade to Versa Director versions 22.1.4 (February 8th Hot Fix), 22.1.3 (June 10, 2025, and later), or 21.2.3 (June 10, 2025, and later).

Added: Jun 19, 2025, 12:17 AM
Updated: Jun 19, 2025, 12:17 AM

Vulnerability Rating

Custom Algorithm

spread: 0.8
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.