CVE-2024-39717
Versa Director Dangerous File Type Upload Vulnerability
CVSS
—
No CVSS
EPSS
4.0%
p89
KEV
YES
Aug 23, 2024
Exploit Today
77
0-100
Published: — · Last modified: —
Product
Versa / Director
Vulnerability
Versa Director Dangerous File Type Upload Vulnerability
Added to KEV
Aug 23, 2024
Remediate by
Sep 13, 2024
Known ransomware use
No
Summary description
The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.
Required action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2024-39717
No related CVEs by CWE or product.