U.S. CISA adds Versa Director bug to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini August 25, 2024

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Versa Director bug to its Known Exploited Vulnerabilities catalog.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA)  Versa Director Dangerous File Type Upload Vulnerability (CVSS score: 6.6) to its .

The vulnerability CVE-2024-39717 resides in the “Change Favicon” feature in Versa Director’s GUI, it allows administrators with specific privileges to upload a malicious file disguised as a PNG image. Exploitation requires successful authentication by a user with the necessary privileges. Although details are limited, Versa Networks confirmed one case where the vulnerability was exploited due to a customer’s failure to implement recommended firewall guidelines. This oversight allowed the attacker to exploit the vulnerability without needing to access the GUI.

” Versa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer.” . “This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI.”

According to , FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend private organizations review the  and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by September 13, 2024.

Follow me on Twitter:  and  and Mastodon

(SecurityAffairs – hacking, CISA)



you might also like

leave a comment