CVE-2024-42450
CVSS 3.0 Score 10.0 of 10 (critical)
Details
Summary
CVE-2024-42450: Versa Director's PostgreSQL configuration uses the same default password across all instances and listens on all network interfaces. This allows unauthenticated attackers to access and manage the database or escalate privileges on the system. The latest Versa Director release, 22.1.4, addresses the issue by automatically restricting access to the Postgres and HA ports; older releases require manual hardening. The vulnerability is not exploitable if the published firewall guidelines are implemented, and no Versa-hosted head ends have been affected. For further assistance, contact Versa Technical Support or the account team. Version 22.1.4 can be downloaded from the provided link.
Affected Products
- Director