CISA KEV Alert: Active Exploitation of Versa Director Flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added a newly identified vulnerability affecting the Versa Director platform to its catalog of Known Exploited Vulnerabilities (KEV). This decision is based on confirmed reports of active exploitation of this vulnerability by malicious actors.
The vulnerability, tracked as CVE-2024-39717, is rated moderate severity with a CVSS score of 6.6. It is an unrestricted file upload flaw in the “Change Favicon” function of the Versa Director GUI: the upload handler accepts a malicious file as long as it is presented as an innocuous PNG image, so checking the extension or declared content type is not enough to stop it.
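The practical lesson of a “malicious file disguised as a PNG” is that an upload handler has to validate the bytes, not the name. The following is an added example written for this article (it is not Versa’s code and says nothing about how Versa Director itself validates favicons): a small PNG chunk parser that flags the two usual disguises, a payload appended after the IEND chunk and a payload stuffed into an otherwise valid chunk, plus files that only carry the PNG name. The sample images, the inert JSP-style marker string and the marker list are constructed for the example.

```python
"""Added example: spot a "PNG" favicon that is really a carrier for a
server-side payload.  Constructed for this article, not Versa's code."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Constructed marker list for the example: bytes that never belong in an icon.
SUSPICIOUS_MARKERS = (b"<%", b"<?php", b"#!/", b"\x7fELF", b"PK\x03\x04")


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk with a correct CRC (used to build the samples)."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def build_png(extra_chunks=()) -> bytes:
    """Build a valid 1x1 RGB PNG, optionally with extra chunks before IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit RGB
    idat = zlib.compress(b"\x00\xff\x00\x00")             # filter 0 + one red pixel
    out = PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat)
    for ctype, body in extra_chunks:
        out += _chunk(ctype, body)
    return out + _chunk(b"IEND", b"")


def parse_png(data: bytes):
    """Walk the chunk list up to IEND.  Returns (chunks, trailing_bytes) where each
    chunk is (type, body, crc_ok, offset).  Raises ValueError on broken structure."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    pos, chunks = len(PNG_SIGNATURE), []
    while pos + 12 <= len(data):                      # 12 = length + type + crc
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        crc_ok = struct.unpack(">I", crc)[0] == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        chunks.append((ctype, body, crc_ok, pos))
        pos += 12 + length
        if ctype == b"IEND":
            return chunks, data[pos:]                  # anything after IEND is suspect
    raise ValueError("no IEND chunk")


def analyze_favicon(data: bytes) -> list:
    """Return a list of findings; an empty list means the file looks like a plain PNG."""
    findings = []
    try:
        chunks, trailing = parse_png(data)
    except ValueError as exc:
        return [f"not a structurally valid PNG: {exc}"]
    if chunks[0][0] != b"IHDR":
        findings.append("first chunk is not IHDR")
    idat = b""
    for ctype, body, crc_ok, off in chunks:
        name = ctype.decode("ascii", errors="replace")
        if not crc_ok:
            findings.append(f"bad CRC in {name} chunk at offset {off}")
        if ctype == b"IDAT":
            idat += body                               # pixel data is scanned after inflating
        elif any(m in body for m in SUSPICIOUS_MARKERS):
            findings.append(f"payload marker inside {name} chunk at offset {off}")
    try:
        pixels = zlib.decompress(idat)
    except zlib.error:
        findings.append("IDAT stream does not inflate")
        pixels = b""
    if any(m in pixels for m in SUSPICIOUS_MARKERS):
        findings.append("payload marker inside inflated IDAT data")
    if trailing:
        findings.append(f"{len(trailing)} bytes after IEND")
        if any(m in trailing for m in SUSPICIOUS_MARKERS):
            findings.append("payload marker in data after IEND")
    return findings


# Constructed samples; the "payload" is an inert JSP-style marker, not a real web shell.
PAYLOAD = b'<% out.println("probe"); %>'
CLEAN_PNG = build_png()
APPENDED_PNG = CLEAN_PNG + PAYLOAD                                # glued after IEND
STUFFED_PNG = build_png([(b"tEXt", b"Comment\x00" + PAYLOAD)])   # hidden in a valid chunk
NOT_PNG = PAYLOAD                                                # renamed to .png, no signature

if __name__ == "__main__":
    for label, sample in [("clean", CLEAN_PNG), ("appended", APPENDED_PNG),
                          ("stuffed", STUFFED_PNG), ("not-png", NOT_PNG)]:
        print(f"{label:9s} -> {analyze_favicon(sample) or 'no findings'}")
```

Structural validation of this kind is a detection aid and a first gate, not a complete fix: a marker list can always be evaded. The robust hardening for an upload like this is to decode the image with an image library, re-encode it to a fresh PNG of the expected dimensions, store it under a server-chosen name outside any directory the web server will execute from, and discard the original bytes.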
Versa Director is a software platform designed for managing network infrastructure in organizations that utilize Versa Networks solutions. It provides a centralized interface for deploying, configuring, and monitoring a wide range of network functions, including Software-Defined Wide Area Networks (SD-WAN), security, and application optimization.
Exploiting CVE-2024-39717 requires authentication: the attacker must first log in as a user holding the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role, so stolen or weak administrator credentials are a precondition for the attack.
Although the exact circumstances of the exploitation remain unclear, the U.S. National Vulnerability Database (NVD) entry notes that Versa Networks has confirmed one customer-reported instance of exploitation. That customer had not implemented the firewall guidelines Versa published in 2015 and 2017, which is what allowed the attacker to reach and exploit the vulnerable upload function without going through the graphical interface.
All U.S. Federal Civilian Executive Branch (FCEB) agencies have been mandated to take protective measures against this vulnerability by installing vendor patches by September 13, 2024.
This announcement comes on the heels of CISA’s recent addition of other vulnerabilities to the KEV catalog, some dating back to 2021, including:
- CVE-2021-33044 and CVE-2021-33045 (CVSS score of 9.8) — authentication bypass vulnerabilities in Dahua IP cameras;
- CVE-2024-28987 (CVSS score of 9.1) — hardcoded credentials in SolarWinds Web Help Desk;
- CVE-2024-23897 (CVSS score of 9.8) — a path traversal vulnerability in the Jenkins command-line interface (CLI) that allows reading arbitrary files on the controller and can lead to remote code execution.
Cybersecurity is an ongoing process that requires constant vigilance and timely system updates. Even minor lapses in configuration or neglecting vendor recommendations can result in severe consequences.
It is crucial to remember that attackers are continually seeking new ways to circumvent defenses, and only a comprehensive approach to security—including regular updates, threat monitoring, and staff training—can ensure the robust protection of information systems.