CVE-2024-39717 - Versa Director Dangerous File Type Upload Vulnerability

CVE ID:CVE-2024-39717

Project:Versa

Product:Director

Date Added:2024-08-23Due Date:2024-09-13

Vulnerability Name

Versa Director Dangerous File Type Upload Vulnerability

Description

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes

https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/

https://nvd.nist.gov/vuln/detail/CVE-2024-39717

Related News Articles

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking CampaignsOctober 15, 2024

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT SectorsAugust 27, 2024

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPsAugust 27, 2024

Versa fixes Director zero-day vulnerability exploited in attacksAugust 27, 2024

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by SeptemberAugust 24, 2024

Top Security News

Latest CVE List

Common Alerts

LowInsufficient Site Isolation Against Spectre Vulnerability
HighCross-Domain Misconfiguration - Adobe - Send
MediumCSP: script-src unsafe-eval
HighCloud Metadata Potentially Exposed
MediumELMAH Information Leak
InformationalSec-Fetch-Mode Header Has an Invalid Value
InformationalSec-Fetch-User Header is Missing
InformationalSec-Fetch-Site Header is Missing
MediumBuffer Overflow
InformationalInformation Disclosure - Information in Browser localStorage

Top CWE List