CVE-2024-45208
CRITICALVersa Director 21.2.2, 21.2.3, 22.1.1-22.1.4 - Unauthenticated Remote Code Execution via NCS Service on Port 4566
Title source: llmDescription
The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers.
References (7)
Core 7
Core References
Various Sources
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
Various Sources
https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
Various Sources
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
Various Sources
https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4
Various Sources
https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation
Scores
CVSS v3
9.8
EPSS
0.0074
EPSS Percentile
49.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-284
Status
published
Products (6)
Versa/Director
21.2.2
Versa/Director
21.2.3
Versa/Director
22.1.1
Versa/Director
22.1.2
Versa/Director
22.1.3
Versa/Director
22.1.4
Published
Jun 19, 2025
Tracked Since
Feb 18, 2026