Actively exploited vulnerability

CVE-2024-39717: Versa Director Dangerous File Type Upload Vulnerability

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.

CISA KEV source 23 Aug 2024 added 13 Sep 2024 remediation due

Affected product

Versa · Director

Known ransomware use: Unknown

Required action

Follow the source advisory and validate exposure in your environment.

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Related Yasna coverage

Recent reporting that mentions CVE-2024-39717.