ByteOS Network

concerto

Source -

NVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-34026

Assigner-VulnCheck

View Details

Assigner-VulnCheck

CVSS Score-9.2||CRITICAL

EPSS-58.55% / 98.15%

7 Day CHG+12.73%

Published-21 May, 2025 | 22:04

Updated-23 Jan, 2026 | 18:39

Known KEV||Action Due Date - 2026-02-12||Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Versa Concerto Actuator Authentication Bypass Information Leak

The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.

Vendor-Versa Networks, Inc.

Product-concerto Concerto Concerto

CWE ID-CWE-288

Authentication Bypass Using an Alternate Path or Channel

CVE-2021-31930

Assigner-MITRE Corporation

View Details

Assigner-MITRE Corporation

CVSS Score-6.1||MEDIUM

EPSS-1.06% / 77.23%

7 Day CHG~0.00%

Published-19 May, 2021 | 14:06

Updated-03 Aug, 2024 | 23:10

Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the account, the XSS payload will be executed.

Vendor-concerto-signage n/a

Product-concerto n/a

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')