Projectdiscovery

**Name of the Vulnerable Software and Affected Versions** Versa Concerto versions 12.1.2 through 12.2.0 **Description** The Versa Concerto SD-WAN orchestration platform contains a flaw related to improper permission assignment for a critical resource during certificate signing request validation. This can lead to privilege escalation and container escape. The unsafe default mounting of host binary paths allows a container to modify host paths. Successful exploitation of this issue may allow an attacker to execute arbitrary code or gain direct access to the host, depending on the host operating system configuration. **Recommendations** Versions 12.1.2 through 12.2.0 should be updated when a patch becomes available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Versa Concerto versions 12.1.2 through 12.2.0 **Description** The Versa Concerto SD-WAN orchestration platform has a flaw in the Traefik reverse proxy configuration that allows an attacker to bypass authentication and access administrative endpoints. The internal Actuator endpoint can be exploited to gain access to heap dumps and trace logs. This issue is actively exploited in the wild and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. Attackers can extract credentials and tokens from heap dumps, access internal SD-WAN management endpoints, perform lateral movement to managed edge devices, and potentially deploy persistent backdoors. The root cause is a misconfigured Traefik reverse proxy that forwards unauthenticated requests to `/actuator/*` endpoints. The `/actuator/*` endpoints expose sensitive memory and administrative functions. **Recommendations** Upgrade to the latest patched version from Versa Networks. Restrict access to the Traefik/admin interface. Block access to the `/actuator/*` endpoints externally. Deploy Web Application Firewall (WAF) rules. Review actuator access logs for unauthenticated GET requests. Rotate any exposed credentials. Isolate any compromised orchestrators.

**Name of the Vulnerable Software and Affected Versions** Versa Concerto versions 12.1.2 through 12.2.0 **Description** The Versa Concerto SD-WAN orchestration platform contains a flaw in the Traefik reverse proxy configuration that allows an attacker to bypass authentication and access administrative endpoints. The Spack upload endpoint can be exploited using a Time-of-Check to Time-of-Use (TOCTOU) write condition combined with a race condition to achieve remote code execution (RCE) through path loading manipulation. This allows an unauthenticated actor to achieve RCE. The issue is actively exploited. **Recommendations** Versions 12.1.2 through 12.2.0 should be updated to a newer version that addresses this vulnerability.