
CISA adds Versa Networks Flaw CVE-2024-39717 to its KEV Catalog


The U.S. CISA has added CVE-2024-39717 to its Known Exploited Vulnerabilities (KEV) catalog following evidence of exploitation in the wild.

CVE-2024-39717 affects the Versa Networks Director GUI, specifically the customization feature available to users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges. That feature lets these users alter the appearance of the user interface, including changing the favicon displayed by the web application.

The vulnerability arises from the ability to upload a file with a .png extension under the guise of an image file, even though the file can be crafted to contain executable code instead of image data. Once uploaded, an attacker could use the malicious file to gain unauthorized access or execute arbitrary code, depending on the specific circumstances and other security weaknesses in the environment.


It is important to note that this flaw can only be exploited after a user with the appropriate admin privileges has authenticated and logged into the system. Tenant-level users cannot exploit it, but the potential impact on affected systems is considerable.

Versa Networks has confirmed one instance where this vulnerability was exploited in the wild. In that case, the exploitation was possible because the customer had not implemented the firewall guidelines Versa published in 2015 and 2017. This lapse allowed the attacker to exploit CVE-2024-39717 without even using the GUI, underscoring the importance of adhering to recommended security practices.

Given the active exploitation, CISA has directed federal agencies to apply the latest security patches by September 13, 2024.
