CVE-2024-39717: Versa Networks Director GUI Flaw Under Active Attack, CISA Issues Urgent Patching Directive
In a recent cybersecurity alert, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the active exploitation of a severe vulnerability identified as CVE-2024-39717. This flaw, found within Versa Networks’ Director GUI, poses a significant threat to organizations that have not yet applied the necessary security guidelines. The vulnerability is categorized as HIGH in severity, with confirmed instances of exploitation reported.
CVE-2024-39717 is a security vulnerability affecting Versa Networks’ Director GUI, specifically in the customization feature available to users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges. These high-level users can alter the appearance of the user interface, including the option to change the favicon (Favorite Icon) displayed by the web application.
The vulnerability arises from the ability to upload a file with a .png extension under the guise of an image file. However, this file can be maliciously crafted to contain executable code. Once uploaded, the malicious file could potentially be used by an attacker to gain unauthorized access or execute arbitrary code, depending on the specific circumstances and other security weaknesses in the environment.
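As an added illustration (not Versa's code, and not the vendor's fix), the following Python contrasts an extension-only check, which is what a file named with a .png extension passes, with a content check that parses the PNG chunk structure and rejects non-image bytes and anything appended after the IEND chunk. The sample files are constructed inline; the 256-pixel favicon limit is an assumed policy.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"   # fixed 8-byte PNG header

def validate_png(data):
    """Walk the PNG chunk structure; return (ok, reason)."""
    if not data.startswith(PNG_SIGNATURE):
        return False, "missing PNG signature"
    pos, first = len(PNG_SIGNATURE), True
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4                     # header + body + CRC
        if end > len(data):
            return False, "truncated chunk %r" % ctype
        body = data[pos + 8:pos + 8 + length]
        crc = struct.unpack(">I", data[end - 4:end])[0]
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return False, "bad CRC on chunk %r" % ctype
        if first and ctype != b"IHDR":
            return False, "first chunk is not IHDR"
        first = False
        if ctype == b"IHDR":
            if length != 13:
                return False, "IHDR has wrong length"
            width, height = struct.unpack(">II", body[:8])
            if not (0 < width <= 256 and 0 < height <= 256):   # assumed favicon policy
                return False, "unreasonable favicon dimensions"
        if ctype == b"IEND":
            if end != len(data):                       # payload hidden after the image
                return False, "trailing bytes after IEND"
            return True, "ok"
        pos = end
    return False, "no IEND chunk"

def check_favicon_upload(filename, data):
    """Extension check alone is what a disguised file passes; the content check is the fix."""
    if not filename.lower().endswith(".png"):
        return False, "extension not .png"
    return validate_png(data)

def make_png(width, height):
    """Constructed sample input: a valid all-black 8-bit RGB PNG."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    raw = (b"\x00" + b"\x00\x00\x00" * width) * height   # filter byte + RGB pixels per row
    return PNG_SIGNATURE + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")
```

The same validator can be run over files already sitting in an upload directory to flag .png files whose bytes do not parse as an image.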
It’s important to note that this flaw can only be exploited after a user with the appropriate admin privileges has successfully authenticated and logged into the system. Tenant-level users cannot exploit it, but the potential impact on affected systems is considerable.
Versa Networks has confirmed one instance where this vulnerability was exploited in the wild. In this case, the exploitation was made possible due to the customer’s failure to implement Firewall guidelines that had been published in 2015 and 2017. This lapse in security protocol allowed the attacker to exploit CVE-2024-39717 without even using the GUI, underscoring the importance of adhering to recommended security practices.
Although comprehensive testing has shown that the malicious file does not execute on the client side in most major browsers, the threat remains significant. Unconfirmed reports, based on backbone telemetry from a third-party provider, suggest that there may be additional instances of exploitation. This ongoing threat has prompted CISA to add CVE-2024-39717 to its Known Exploited Vulnerabilities (KEV) catalog, a clear indication of the vulnerability’s active exploitation and potential for widespread impact.
In light of the active exploitation, CISA has issued a directive to federal agencies, recommending that they apply the latest security patches by September 13, 2024. This urgent action is necessary to safeguard networks against potential threats stemming from this vulnerability.
Organizations using Versa Networks’ Director GUI should immediately review their security protocols, ensuring that all relevant guidelines are fully implemented. Additionally, it’s crucial to apply any available patches or updates provided by Versa Networks to mitigate the risk posed by CVE-2024-39717.