The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw affecting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is an unrestricted file upload flaw in the "Change Favicon" feature of the Versa Director GUI: because the uploaded file is not properly validated, a malicious file can be uploaded disguised as a harmless PNG image.
CISA explained, "The Versa Director GUI has a vulnerability that allows the upload of a file with dangerous content, giving certain admin privileges to customize the interface."
Successful exploitation requires an authenticated user holding one of the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin roles; the flaw is not reachable by an unauthenticated attacker, which is why the CVSS score is only moderate.
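The weakness described above is the classic "trust the extension or the first few bytes" upload check. As an added illustration of the server-side validation a practitioner would expect behind a favicon feature (example code written for this page, not Versa's code; the 64 KiB size limit, the 256-pixel dimension limit and the fixed stored filename are assumptions), the following Python walks the PNG chunk structure instead of trusting the client. The three sample uploads are constructed inline: a real 16x16 image, script-like content with a PNG signature stapled on, and a real image with a payload appended after IEND.

```python
import struct
import zlib

# Assumed limits (hypothetical values, not from Versa or the advisory).
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_FAVICON_BYTES = 64 * 1024
MAX_DIMENSION = 256


class FaviconRejected(ValueError):
    """Raised when an upload is not a well-formed PNG suitable as a favicon."""


def validate_png_favicon(data: bytes) -> dict:
    """Walk the PNG chunk structure and reject anything that is not a real image.

    Checks: size limit, 8-byte signature, IHDR first, CRC of every chunk,
    presence of IDAT, IEND last, and no bytes after IEND (a common place to
    hide a payload while keeping the file a renderable image).
    Returns the parsed header on success.
    """
    if len(data) > MAX_FAVICON_BYTES:
        raise FaviconRejected("file too large")
    if not data.startswith(PNG_SIGNATURE):
        raise FaviconRejected("not a PNG: bad signature")

    pos = len(PNG_SIGNATURE)
    chunk_types = []
    width = height = None
    while True:
        if pos + 8 > len(data):
            raise FaviconRejected("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_start = pos + 8
        body_end = body_start + length
        if body_end + 4 > len(data):
            raise FaviconRejected(f"truncated {ctype!r} chunk")
        body = data[body_start:body_end]
        stored_crc = struct.unpack(">I", data[body_end:body_end + 4])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != stored_crc:
            raise FaviconRejected(f"bad CRC on {ctype!r} chunk")
        if not chunk_types and ctype != b"IHDR":
            raise FaviconRejected("first chunk is not IHDR")
        if ctype == b"IHDR":
            if length != 13:
                raise FaviconRejected("malformed IHDR")
            width, height = struct.unpack(">II", body[:8])
            if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
                raise FaviconRejected("unreasonable image dimensions")
        chunk_types.append(ctype)
        pos = body_end + 4
        if ctype == b"IEND":
            break

    if pos != len(data):
        raise FaviconRejected("trailing data after IEND")
    if b"IDAT" not in chunk_types:
        raise FaviconRejected("no image data (IDAT) chunk")
    return {"width": width, "height": height, "chunks": chunk_types}


def check_upload(data: bytes) -> tuple:
    """Server-side gate for the favicon upload: returns (accepted, reason).

    The client-supplied filename and Content-Type are deliberately ignored and
    the stored name is always the fixed 'favicon.png' (an assumption of this
    example), so the uploader never gets to pick an executable extension.
    """
    try:
        info = validate_png_favicon(data)
    except FaviconRejected as exc:
        return (False, str(exc))
    return (True, f"ok: {info['width']}x{info['height']} png, stored as favicon.png")


def _chunk(ctype: bytes, body: bytes) -> bytes:
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def make_png(width: int, height: int, rgb=(0, 0, 0)) -> bytes:
    """Build a minimal valid 8-bit RGB PNG (used only to construct sample input)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    scanlines = b"".join(b"\x00" + bytes(rgb) * width for _ in range(height))
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(scanlines)) + _chunk(b"IEND", b""))


# Constructed sample uploads (illustrative, not real exploit files).
SAMPLE_GOOD = make_png(16, 16)
# Script-like content behind a PNG signature: passes a magic-bytes or
# extension check but has no chunk structure at all.
SAMPLE_DISGUISED = PNG_SIGNATURE + b"<%-- constructed non-image payload --%>"
# A real image with bytes appended after IEND: a naive decoder still renders it.
SAMPLE_APPENDED = SAMPLE_GOOD + b"<%-- constructed trailing payload --%>"

if __name__ == "__main__":
    for name, blob in [("good", SAMPLE_GOOD), ("disguised", SAMPLE_DISGUISED),
                       ("appended", SAMPLE_APPENDED)]:
        print(name, check_upload(blob))
```

The structural walk is what makes the difference: a signature or extension check accepts SAMPLE_DISGUISED, and a decoder-based check accepts SAMPLE_APPENDED, while parsing every chunk and requiring the file to end exactly at IEND rejects both. Storing under a fixed name is the second, independent layer, so a validation bypass still cannot produce a file the web server would execute.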
Although full details of the in-the-wild exploitation have not been disclosed, the NIST National Vulnerability Database (NVD) entry notes that Versa Networks is aware of one confirmed customer-reported incident in which the vulnerability was exploited because that customer had not implemented the firewall guidelines Versa had previously published.
Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-provided patches by September 13, 2024.
In the same update, CISA added four other security flaws to the KEV catalog: CVE-2021-33044 and CVE-2021-33045 (authentication bypass in Dahua IP cameras), CVE-2021-31196 (Microsoft Exchange Server remote code execution), and CVE-2022-0185 (Linux kernel heap buffer overflow), urging organizations to take the necessary precautions.
The Linux kernel flaw, CVE-2022-0185, was reportedly exploited earlier this year by a China-linked threat actor tracked as UNC5174 (also known as Uteus).
CVE-2021-31196, for its part, belongs to the series of Microsoft Exchange Server vulnerabilities disclosed in 2021 alongside ProxyLogon, ProxyShell, ProxyToken, and ProxyOracle, a family of bugs that threat actors have routinely targeted for initial access and privilege escalation.
Organizations are advised to stay vigilant and promptly apply security updates to mitigate the risks associated with these vulnerabilities.