The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Versa Director Dangerous File Type Upload Vulnerability CVE-2024-39717 (CVSS score: 6.6) to its Known Exploited Vulnerabilities (KEV) catalog.

“Versa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer.” reads the advisory. “This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI.”

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.
Experts also recommend private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix this vulnerability by September 13, 2024.

Pierluigi Paganini
(SecurityAffairs – hacking, CISA)