The Versa Director security vulnerability has been added to the list of known exploited vulnerabilities (KEVs) by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) based on evidence of active exploitation.
Citing evidence of active exploitation, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Versa Director security flaw to its Known Exploited Vulnerabilities (KEV) catalog. The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), stems from a file upload weakness in the “Change Favicon” feature: an attacker holding the required administrative role could upload a malicious file disguised as a harmless PNG image. “The Versa Director GUI contains an unrestricted upload of files with a dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface,” according to a CISA alert.
“Uploading a .png file is made possible by the ‘Change Favicon’ (Favorite Icon) feature, which can be used to upload malicious files that are masqueraded as images and have a .PNG extension.” Exploitation is not unauthenticated, however: a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges must first authenticate and log in. The exact circumstances of the exploitation of CVE-2024-39717 remain unclear, but the description of the vulnerability in the NIST National Vulnerability Database (NVD) states that Versa Networks is aware of one confirmed instance in which a customer was targeted.
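The weakness described above is a classic unrestricted file upload: the feature accepts a file named with a .png extension without establishing that the bytes are actually an image. The following Python is an added illustration (written for this page, not Versa's code) of the difference between an extension-only check and a content-based one. The size and dimension limits are assumed policy values, and the sample inputs are constructed here for the demonstration.

```python
"""Extension-only versus content-based validation of a favicon upload.

weak_is_png()     trusts the filename, so any script renamed to .png passes.
hardened_is_png() requires the PNG signature, an IHDR chunk of sane size,
                  a valid CRC on every chunk, only critical chunk types,
                  and nothing after IEND, so a renamed script is rejected.
Added example for this page; not code from Versa Director.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_FAVICON_BYTES = 64 * 1024          # assumed upload limit for a favicon
MAX_FAVICON_DIMENSION = 256            # assumed width/height ceiling
ALLOWED_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}  # no tEXt/zTXt etc.


def weak_is_png(filename: str, data: bytes) -> bool:
    """Extension-only check: anything called *.png is accepted."""
    return filename.lower().endswith(".png")


def hardened_is_png(filename: str, data: bytes) -> bool:
    """Content-based check: walk the chunk structure and validate each chunk."""
    if not filename.lower().endswith(".png"):
        return False
    if len(data) > MAX_FAVICON_BYTES or not data.startswith(PNG_SIGNATURE):
        return False
    pos = len(PNG_SIGNATURE)
    first_chunk = True
    while pos + 12 <= len(data):                      # 4 len + 4 type + 4 crc
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 12 + length
        if chunk_end > len(data) or ctype not in ALLOWED_CHUNKS:
            return False
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:chunk_end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return False                              # corrupted or forged chunk
        if first_chunk:
            if ctype != b"IHDR" or length != 13:
                return False
            width, height = struct.unpack(">II", body[:8])
            if not (0 < width <= MAX_FAVICON_DIMENSION and 0 < height <= MAX_FAVICON_DIMENSION):
                return False
            first_chunk = False
        if ctype == b"IEND":
            return chunk_end == len(data)             # reject trailing payloads
        pos = chunk_end
    return False                                      # no IEND found


def png_chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk with its CRC."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(width: int, height: int) -> bytes:
    """Build a minimal valid 8-bit RGB PNG (constructed test input)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    scanlines = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return PNG_SIGNATURE + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", zlib.compress(scanlines)) + png_chunk(b"IEND", b"")


# Constructed samples: a real 16x16 favicon, a JSP-style script renamed to
# favicon.png, and a valid PNG with code appended after IEND (polyglot).
GOOD_FAVICON = make_png(16, 16)
DISGUISED_SCRIPT = b'<% Runtime.getRuntime().exec(request.getParameter("c")); %>'
POLYGLOT = GOOD_FAVICON + b"<% /* appended code */ %>"

if __name__ == "__main__":
    for label, blob in [("real favicon", GOOD_FAVICON), ("renamed script", DISGUISED_SCRIPT), ("polyglot", POLYGLOT)]:
        print(f"{label:15} weak={weak_is_png('favicon.png', blob)!s:5} hardened={hardened_is_png('favicon.png', blob)}")
```

Structural validation of this kind closes the "rename a script to .png" path, but it is not a complete defence: a payload can still be hidden inside a chunk body that the parser never executes but an application server might (for example if the upload directory is served as executable content). The usual complements are to re-encode the image server-side so only pixel data survives, to store uploads outside any executable path, and to keep the management interface off untrusted networks as the vendor's firewall guidance requires.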
According to that description, the affected customer had not implemented the firewall recommendations Versa released in 2015 and 2017. “This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI.” Federal Civilian Executive Branch (FCEB) agencies must apply the vendor-provided fixes by September 13, 2024. The addition comes just days after CISA updated its KEV catalog with four security flaws dating from 2021 and 2022:
- CVE-2021-33044 (CVSS score: 9.8): Dahua IP Camera Authentication Bypass Vulnerability
- CVE-2021-33045 (CVSS score: 9.8): Dahua IP Camera Authentication Bypass Vulnerability
- CVE-2021-31196 (CVSS score: 7.2): Microsoft Exchange Server Information Disclosure Vulnerability
- CVE-2022-0185 (CVSS score: 8.4): Linux Kernel Heap-Based Buffer Overflow Vulnerability
It is worth noting that in March 2024, Google-owned Mandiant attributed exploitation of CVE-2022-0185 to a China-linked threat actor it tracks as UNC5174 (also known as Uteus or Uetus). CVE-2021-31196, when it was first disclosed, belonged to a large set of Microsoft Exchange Server vulnerabilities collectively known as ProxyLogon, ProxyShell, ProxyToken, and ProxyOracle. “CVE-2021-31196 has been observed in active exploitation campaigns, where threat actors target unpatched Microsoft Exchange Server instances,” stated OP Innovate. “These attacks typically aim to gain unauthorized access to sensitive information, escalate privileges, or deploy further payloads, such as ransomware or malware.”
Federal agencies are urged by CISA to address the Versa Director vulnerability by September.
About us:
CIO News is the premier platform dedicated to delivering the latest news, updates, and insights from the CIO industry. As a trusted source in the technology and IT sector, we provide a comprehensive resource for executives and professionals seeking to stay informed and ahead of the curve. With a focus on cutting-edge developments and trends, CIO News serves as your go-to destination for staying abreast of the rapidly evolving landscape of technology and IT. Founded in June 2020, CIO News has rapidly evolved with ambitious growth plans to expand globally, targeting markets in the Middle East & Africa, ASEAN, USA, and the UK.
CIO News is a proprietary of Mercadeo Multiventures Pvt Ltd.