CVE-2024-39717 - Versa Director Dangerous File Type Upload Vulnerability

CVE-2024-39717: Versa | Director

Date Added:
2024-08-23

Due Date:
2024-09-13

Vulnerability Name: Versa Director Dangerous File Type Upload Vulnerability

Description: The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.

Known To Be Used in Ransomware Campaigns?: Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Additional Notes: https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2024-39717

Related News Articles

China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking CampaignsOctober 15, 2024

Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT SectorsAugust 27, 2024

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPsAugust 27, 2024

Versa fixes Director zero-day vulnerability exploited in attacksAugust 27, 2024

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by SeptemberAugust 24, 2024

Free security scan for your website

Don't show website scan report rating on the leaderboard