Versa Director HA Port Misconfiguration Leading to Unauthorized Access and Remediation

Key Information Summary Vulnerability Description Vulnerability Type: Versa Director HA Port Exploit Affected Versions: 21.2.3, 22.1.2, 22.1.1, 22.1.0 (22.1.4 is not affected) Vulnerability Details Affected Ports: TCP 4566 and 4570 Security Risk: These ports should only be enabled between two Director nodes and access from other sources should be blocked to prevent unauthorized access. Detection Method File Check: Verify the existence of specific files at the following paths: - - MIME Type Verification: Use the command to verify that the file type is . Confirming System Compromise If the above command returns any MIME type other than , the system may have been compromised. Recovery Steps 1. Stop Services: Stop the Director service on both standby and active Director nodes. 2. Firewall Configuration: Ensure TCP ports 4566 and 4532 are blocked on internet-exposed interfaces. 3. Enable Secure HA Ports: Run the command on both active and standby Director nodes. 4. Delete Favicon Files: Remove the favicon files. 5. Clean Java Files: Delete Java files in the specified directories. 6. Restart Services: Start the service on the active Director node first, then on the standby node. 7. Reset Passwords: Reset passwords for all local and external accounts. 8. Review Local Accounts: Review and delete any unrecognized user accounts. Software Download Links Provides download links for different versions to upgrade to the patched version.

Goal Reached Thanks to every supporter — we hit 100%!

Versa Director HA Port Misconfiguration Leading to Unauthorized Access and Remediation