CVE-2024-39717
Versa Director Dangerous File Type Upload Vulnerability
CVSS
—
Sin CVSS
EPSS
4.0%
p89
KEV
SÍ
23 ago 2024
Exploit Today
77
0-100
Publicado: — · Última mod.: —
Producto
Versa / Director
Vulnerabilidad
Versa Director Dangerous File Type Upload Vulnerability
Añadido a KEV
23 ago 2024
Remediar antes de
13 sept 2024
Uso conocido en ransomware
No
Descripción resumida
The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.
Acción requerida
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notas
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2024-39717
Sin CVEs relacionados por CWE o producto.