CVE-2025-34026

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
CVSS

No CVSS.

Configurations

No configuration.

History

22 May 2025, 16:15

Type Values Removed Values Added
Summary
  • (es) La plataforma de orquestación SD-WAN Versa Concerto es vulnerable a una omisión de autenticación en la configuración del proxy inverso Traefik, lo que permite a un atacante acceder a los endpoints administrativos. El endpoint interno del Actuador puede utilizarse para acceder a volcados de pila y registros de seguimiento. Se sabe que este problema afecta a Concerto desde la versión 12.1.2 hasta la 12.2.0. Otras versiones podrían ser vulnerables.
References () https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce - () https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce -

21 May 2025, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-05-21 22:15

Updated : 2025-05-23 15:55


NVD link : CVE-2025-34026

Mitre link : CVE-2025-34026

CVE.ORG link : CVE-2025-34026


JSON object : View

Products Affected

No product.

CWE
CWE-287

Improper Authentication