Trusted Design

• 重大度: CRITICAL
• 公開日: 2025-05-21
• 更新日: 2026-01-23

概要

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

このCVEに関連するMITRE ATT&CKテクニック

• T1557 - Adversary-in-the-Middle
• T1583.007 - Serverless
• T1027.009 - Embedded Payloads
• T1056.001 - Keylogging
• T1003.002 - Security Account Manager
• T1588.004 - Digital Certificates
• T1192 - Spearphishing Link
• T1591.003 - Identify Business Tempo
• T1484.002 - Trust Modification
• T1070.002 - Clear Linux or Mac System Logs
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1584.003 - Virtual Private Server
• T1608.001 - Upload Malware
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1525 - Implant Internal Image
• T1076 - Remote Desktop Protocol
• T1131 - Authentication Package
• T1145 - Private Keys
• T1681 - Search Threat Vendor Data
• T1027.016 - Junk Code Insertion
• T1598.004 - Spearphishing Voice
• T1016 - System Network Configuration Discovery
• T1593.003 - Code Repositories
• T1546.008 - Accessibility Features
• T1083 - File and Directory Discovery
• T1649 - Steal or Forge Authentication Certificates
• T1049 - System Network Connections Discovery
• T1051 - Shared Webroot
• T1218.012 - Verclsid
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1606.001 - Web Cookies
• T1598.002 - Spearphishing Attachment
• T1496.004 - Cloud Service Hijacking
• T1552.008 - Chat Messages
• T1679 - Selective Exclusion
• T1534 - Internal Spearphishing
• T1562.001 - Disable or Modify Tools
• T1584.006 - Web Services
• T1601 - Modify System Image
• T1059.011 - Lua
• T1055.012 - Process Hollowing
• T1110.004 - Credential Stuffing
• T1486 - Data Encrypted for Impact
• T1203 - Exploitation for Client Execution
• T1595.003 - Wordlist Scanning
• T1137.004 - Outlook Home Page
• T1553.004 - Install Root Certificate
• T1499 - Endpoint Denial of Service
• T1493 - Transmitted Data Manipulation
• T1556.009 - Conditional Access Policies
• T1213.003 - Code Repositories
• T1543.001 - Launch Agent
• T1223 - Compiled HTML File
• T1555.004 - Windows Credential Manager
• T1564.005 - Hidden File System
• T1518 - Software Discovery
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1591.001 - Determine Physical Locations
• T1204.001 - Malicious Link
• T1035 - Service Execution

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る