The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw affecting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation, and has instructed federal agencies to remediate it.
The moderate-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is a file upload flaw in the “Change Favicon” feature that allows a malicious actor to upload a harmful file disguised as a PNG image.
CISA mentioned in an advisory that “The Versa Director GUI contains a file upload vulnerability that allows certain administrators to customize the user interface by uploading a .png file, potentially leading to the upload of a malevolent file disguised as an image.”
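The defect described above, a non-image file accepted because only its name says .png, is the kind of weakness that a server-side content check catches. The following is an added example, not Versa's code and not taken from CISA's advisory, of a validator that accepts a favicon upload only when it is a structurally sound PNG: correct signature, an IHDR first chunk, a valid CRC-32 on every chunk, and nothing after IEND. The sample inputs are constructed inline for the demonstration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_chunk(chunk_type: bytes, data: bytes) -> bytes:
    """Build one PNG chunk: 4-byte length, 4-byte type, data, CRC-32 over type+data."""
    crc = zlib.crc32(chunk_type + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + chunk_type + data + struct.pack(">I", crc)


def validate_png(data: bytes, max_size: int = 1_000_000) -> tuple[bool, str]:
    """Return (accepted, reason). The extension is ignored entirely; only the
    bytes decide. Rejects non-PNG content, corrupt chunks, and any trailing
    bytes hidden after the IEND chunk."""
    if len(data) > max_size:
        return False, "file too large"
    if not data.startswith(PNG_SIGNATURE):
        return False, "missing PNG signature"
    pos = len(PNG_SIGNATURE)
    first = True
    while True:
        if pos + 8 > len(data):
            return False, "truncated chunk header"
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            return False, f"chunk {ctype!r} overruns file"
        body = data[pos + 8:pos + 8 + length]
        crc_stored = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc_stored:
            return False, f"bad CRC on chunk {ctype!r}"
        if first:
            # The PNG spec requires IHDR (13 data bytes) as the first chunk.
            if ctype != b"IHDR" or length != 13:
                return False, "first chunk is not a valid IHDR"
            first = False
        pos += 12 + length
        if ctype == b"IEND":
            break
    if pos != len(data):
        # A real favicon ends at IEND; anything after it is not image data.
        return False, f"{len(data) - pos} trailing bytes after IEND"
    return True, "ok"


def minimal_png() -> bytes:
    """Constructed 1x1 RGB PNG used as the known-good sample."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)  # 1x1, 8-bit, truecolor
    idat = zlib.compress(b"\x00\x00\x00\x00")            # filter byte + one RGB pixel
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", idat) + make_chunk(b"IEND", b""))


def corrupted_png() -> bytes:
    """Constructed sample: the good PNG with one IDAT data byte flipped."""
    buf = bytearray(minimal_png())
    buf[41] ^= 0xFF  # offset 41 = first byte of IDAT data (8 sig + 25 IHDR + 8 header)
    return bytes(buf)


# Constructed upload samples: the key is the filename the client supplied,
# which the validator deliberately never looks at.
SAMPLES = {
    "favicon.png": minimal_png(),
    "renamed.png": b"plain text that is not an image at all\n",
    "trailing.png": minimal_png() + b"extra bytes after IEND",
    "corrupt.png": corrupted_png(),
}


def screen_uploads(samples: dict[str, bytes]) -> dict[str, tuple[bool, str]]:
    """Run every sample through the validator and report the verdicts."""
    return {name: validate_png(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, (accepted, reason) in screen_uploads(SAMPLES).items():
        print(f"{name:14} {'ACCEPT' if accepted else 'REJECT'}  {reason}")
```

Checking the bytes rather than the filename is the point: an extension or MIME type supplied by the client proves nothing, whereas a file that parses as a PNG from signature to IEND with correct CRCs and no trailing data is very unlikely to double as something else. In a real deployment the accepted bytes would also be re-encoded by an image library before being served, so that the stored file is one the server produced rather than one the uploader chose.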
- CVE-2021-33044 (CVSS score: 9.8) – Dahua IP Camera Authentication Bypass Vulnerability
- CVE-2021-33045 (CVSS score: 9.8) – Dahua IP Camera Authentication Bypass Vulnerability
- CVE-2021-31196 (CVSS score: 7.2) – Microsoft Exchange Server Information Disclosure Vulnerability
- CVE-2022-0185 (CVSS score: 8.4) – Linux Kernel Heap-Based Buffer Overflow Vulnerability
It’s worth noting that Mandiant, a subsidiary of Google, tied a China-linked threat group tracked as UNC5174 (also known as Uteus or Uetus) to the exploitation of CVE-2022-0185 in March of this year.

CVE-2021-31196 was initially revealed as part of a significant set of Microsoft Exchange Server vulnerabilities known as ProxyLogon, ProxyShell, ProxyToken, and ProxyOracle.
“CVE-2021-31196 has been witnessed in active exploitation campaigns where threat actors target unpatched Microsoft Exchange Server instances,” OP Innovate explained. “These attacks usually aim to gain unauthorized access to sensitive data, increase privileges, or introduce further malicious payloads like ransomware or malware.”
