The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security vulnerability affecting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The medium-severity flaw, tracked as CVE-2024-39717 with a CVSS score of 6.6, is an unrestricted file upload issue in the “Change Favicon” feature: it lets an attacker upload a malicious file disguised as a benign PNG image.
According to CISA’s advisory, the vulnerability stems from the Versa Director graphical user interface not restricting the upload of files with dangerous types. Only accounts holding the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role can reach the upload path; an attacker who controls such an account can upload a malicious file under the .PNG extension, because the name is trusted and the content is not checked.
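The following Python sketch is an added illustration of the weakness class the advisory describes (CWE-434, unrestricted upload of a dangerous file type); it is not Versa Networks code and is not taken from the advisory. It contrasts the extension-only check that lets a renamed script pass as a “.png” with a content-level check that walks the PNG chunk structure, verifies every chunk CRC, bounds the image dimensions, and rejects trailing bytes after IEND (the trick used to turn a real image into a script polyglot). All sample files, including the valid image, are constructed inline.

```python
"""Added example: extension-only vs content-level validation of an uploaded favicon.
Not Versa code; it only illustrates the CWE-434 pattern in the advisory."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def extension_only_check(filename: str) -> bool:
    """The weak check: trusts the client-supplied file name and nothing else."""
    return filename.lower().endswith(".png")


def is_well_formed_png(data: bytes, max_dimension: int = 512) -> bool:
    """Content check: PNG signature, IHDR first with sane dimensions, valid CRC on
    every chunk, at least one IDAT, IEND last, and no bytes after IEND."""
    if not data.startswith(PNG_SIGNATURE):
        return False
    pos = len(PNG_SIGNATURE)
    seen_ihdr = seen_idat = False
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        start, end = pos + 8, pos + 8 + length
        if end + 4 > len(data):
            return False                      # chunk claims more bytes than exist
        body = data[start:end]
        (crc,) = struct.unpack(">I", data[end:end + 4])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return False                      # corrupted or hand-crafted chunk
        if not all(65 <= c <= 90 or 97 <= c <= 122 for c in ctype):
            return False                      # chunk type must be ASCII letters
        if not seen_ihdr:
            if ctype != b"IHDR" or length != 13:
                return False                  # IHDR must be the first chunk
            width, height = struct.unpack(">II", body[:8])
            if not (0 < width <= max_dimension and 0 < height <= max_dimension):
                return False                  # refuse decompression-bomb sizes
            seen_ihdr = True
        elif ctype == b"IHDR":
            return False
        seen_idat = seen_idat or ctype == b"IDAT"
        pos = end + 4
        if ctype == b"IEND":
            return length == 0 and seen_idat and pos == len(data)
    return False                              # ran out of data before IEND


def accept_favicon(filename: str, data: bytes) -> bool:
    """What an upload handler should require: the name and the content agree."""
    return extension_only_check(filename) and is_well_formed_png(data)


# --- constructed samples (hypothetical uploads, not captured data) ------------
def _chunk(ctype: bytes, body: bytes) -> bytes:
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(width: int, height: int) -> bytes:
    """Minimal valid 8-bit grayscale PNG with all-black pixels."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + b"\x00" * width for _ in range(height))  # filter byte + row
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def _corrupt_idat(png: bytes) -> bytes:
    out = bytearray(png)
    out[png.index(b"IDAT") + 4] ^= 0xFF       # flip the first IDAT payload byte
    return bytes(out)


_REAL = make_png(16, 16)
SAMPLES = {
    "real.png": _REAL,
    "fake.png": b"#!/bin/sh\necho 'not an image'\n",            # script renamed to .png
    "polyglot.png": _REAL + b"#!/bin/sh\necho 'after IEND'\n",   # valid image + payload
    "huge.png": (PNG_SIGNATURE
                 + _chunk(b"IHDR", struct.pack(">IIBBBBB", 100000, 100000, 8, 0, 0, 0, 0))
                 + _chunk(b"IDAT", zlib.compress(b"\x00")) + _chunk(b"IEND", b"")),
    "badcrc.png": _corrupt_idat(_REAL),
}


def screen_samples() -> dict:
    """Returns {name: (extension_only_verdict, content_check_verdict)} per sample."""
    return {name: (extension_only_check(name), accept_favicon(name, data))
            for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, (by_name, by_content) in screen_samples().items():
        print(f"{name:14s} extension-only={by_name!s:5s} content-check={by_content}")
```

Every sample passes the extension-only check and only the genuine image passes the content check. A structural check like this is a necessary first gate, not a complete defense: the file should still be re-encoded or rendered by a hardened decoder before it is served, stored under a server-chosen name, and written somewhere the application server will never execute it from.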
Exploitation of CVE-2024-39717 therefore requires that a user with one of those privileged roles has successfully authenticated. Exact exploitation details remain sparse, but the entry in the National Institute of Standards and Technology (NIST) National Vulnerability Database notes that Versa Networks is aware of confirmed exploitation against customer systems.
In the confirmed case, the affected customer had not implemented the firewall guidelines that Versa published in previous years. That omission let the attacker exploit the vulnerability without going through the GUI, which shows that the vendor’s hardening guidance is a real barrier and that skipping it exposes more than the web interface. Operators should verify that the recommended firewall rules are in place rather than relying on the patch alone.
To mitigate this risk, Federal Civilian Executive Branch (FCEB) agencies must apply the vendor-supplied patches by September 13, 2024. The deadline underscores the urgency of addressing the flaw, which poses risks not only to individual organizations but potentially to broader government infrastructure.
The Versa Director entry follows CISA’s recent addition of several other actively exploited flaws to the KEV catalog, among them vulnerabilities in Dahua IP cameras and in Microsoft Exchange Server, a reminder that exploited bugs span very different product categories and sectors.
Mapped to the MITRE ATT&CK framework, exploitation of CVE-2024-39717 centers on initial access: the upload is only reachable from an authenticated high-privilege session, so an attacker must first obtain credentials for a Provider-Data-Center-Admin or Provider-Data-Center-System-Admin account, or reach the upload path without the GUI as in the confirmed case, before the upload itself can be abused. The privilege-escalation element is the work of gaining that level of access; the flaw does not grant it on its own.
Business owners and security teams should remain vigilant about these vulnerabilities, which represent ongoing threats to sensitive systems and data. Understanding the methods used in these attacks is essential for building robust defenses and for keeping pace with the latest security advisories.