Cybersecurity researchers recently discovered critical security vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform. These vulnerabilities, if exploited, could allow an attacker to take control of vulnerable instances. Although they were reported to the vendor on February 13, 2025, the vulnerabilities remain unpatched, which prompted the researchers to publicly disclose the issues after the 90-day deadline.
The identified vulnerabilities, when chained together, could lead to a complete compromise of both the application and the underlying host system. The security defects include a privilege escalation and Docker container escape vulnerability, an authentication bypass vulnerability in the Traefik reverse proxy configuration, and another authentication bypass vulnerability that could lead to remote code execution. Exploiting these vulnerabilities could result in an attacker gaining control over the host machine.
One of the vulnerabilities, CVE-2025-34027, could allow an attacker to write malicious files to disk and achieve remote code execution using LD_PRELOAD and a reverse shell. The researchers detailed their approach, which involved overwriting specific files and leveraging a race condition to execute malicious code. In the absence of an official fix, users are advised to take precautionary measures such as blocking certain URL paths and monitoring network traffic for any suspicious activity.
Versa Networks has been contacted for comment regarding the vulnerabilities, and the story will be updated if a response is received. It is crucial for organizations using the Versa Concerto platform to be aware of these vulnerabilities and take necessary steps to mitigate the risk of exploitation.