CVE-2024-39717 - Versa Director Dangerous File Type Upload Vulnerability
项目:Versa
产品:Director
添加日期:2024-08-23到期日:2024-09-13最后更新:June 21, 2025
漏洞名称
Versa Director Dangerous File Type Upload Vulnerability
描述
The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.
已知用于勒索软件活动吗?
Unknown
采集行动
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
其他说明
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/
https://nvd.nist.gov/vuln/detail/CVE-2024-39717
相关新闻文章
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking CampaignsOctober 15, 2024
Chinese Volt Typhoon Exploits Versa Director Flaw, Targets U.S. and Global IT SectorsAugust 27, 2024
Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPsAugust 27, 2024
Versa fixes Director zero-day vulnerability exploited in attacksAugust 26, 2024
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by SeptemberAugust 24, 2024