Versa Concerto Authentication Bypass File Write Remote Code Execution

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

N/A

检查时间与使用时间(TOCTOU)的竞争条件

Versa Concerto SD-WAN 安全漏洞

Versa Concerto SD-WAN是Versa公司的一个易于使用的用户界面，用于配置和监控安全 SD-WAN 中的 Versa OS设备。 Versa Concerto SD-WAN 12.1.2至12.2.0版本存在安全漏洞，该漏洞源于Traefik反向代理配置中的身份验证绕过，可能导致远程代码执行。

N/A

N/A