CVE-2024-39717

Confirmed PUBLISHED

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged...

Versa · Director
Exploited in the wild

Recommended Action

Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.

Confidence
Confirmed
Exploitation Status
Exploited in the wild
Observed in Sensors
No
Attempts (30d)
Unique Attacker IPs
CISA KEV
In CISA KEV
CVSS / EPSS
6.6 Medium

At a Glance

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.

cisa nessus_scanner
CVE Published
Aug 22, 2024
Exploitation Reported
Aug 23, 2024
CVSS
6.6 Medium
EPSS
Remote No user interaction

Affected Versions

30 version rows · page 1 of 2

Vendor Product Version Status
versa-networks
versa_director

21.2.2

Affected
versa-networks
versa_director

21.2.3 to < 21.2.3_2024-06-21

Affected
versa-networks
versa_director

22.1.1

Affected
versa-networks
versa_director

22.1.2 to < 22.1.2_2024-06-21

Affected
versa-networks
versa_director

22.1.3 to < 22.1.3_2024-06-21

Affected
versa-networks
versa_director

21.2.2

Affected
versa-networks
versa_director

21.2.3 to < 21.2.3_2024-06-21

Affected
versa-networks
versa_director

22.1.1

Affected
versa-networks
versa_director

22.1.2 to < 22.1.2_2024-06-21

Affected
versa-networks
versa_director

22.1.3 to < 22.1.3_2024-06-21

Affected
versa-networks
versa_director

21.2.2

Affected
versa-networks
versa_director

21.2.3 to < 21.2.3_2024-06-21

Affected
versa-networks
versa_director

22.1.1

Affected
versa-networks
versa_director

22.1.2 to < 22.1.2_2024-06-21

Affected
versa-networks
versa_director

22.1.3 to < 22.1.3_2024-06-21

Affected
versa-networks
versa_director

21.2.2

Affected
versa-networks
versa_director

21.2.3 to < 21.2.3_2024-06-21

Affected
versa-networks
versa_director

22.1.1

Affected
versa-networks
versa_director

22.1.2 to < 22.1.2_2024-06-21

Affected
versa-networks
versa_director

22.1.3 to < 22.1.3_2024-06-21

Affected
versa-networks
versa_director

21.2.2

Affected
versa-networks
versa_director

21.2.3 to < 21.2.3_2024-06-21

Affected
versa-networks
versa_director

22.1.1

Affected
versa-networks
versa_director

22.1.2 to < 22.1.2_2024-06-21

Affected
versa-networks
versa_director

22.1.3 to < 22.1.3_2024-06-21

Affected

CVE References

Recommended Actions

  • Prioritize remediation. Validate affected assets and apply vendor fixes on an accelerated timeline.
  • Check enrichment artifacts for scanner coverage and available PoCs before rolling remediation validation.
  • Use the Pro API to automate enrichment, telemetry, and workflow delivery for VM, SOC, and CTI pipelines.