Malicious File Upload Vulnerability in Versa Director GUI Could Lead to Privilege Escalation
CVE-2024-39717
Key Information:
Badges
What is CVE-2024-39717?
CVE-2024-39717 is a serious vulnerability in the Versa Director GUI, a management interface used for configuring and customizing network services. This vulnerability allows an attacker with specific administrative privileges to upload malicious files, masquerading as harmless image files, which can ultimately lead to privilege escalation. If successfully exploited, this issue could enable unauthorized users to gain higher levels of access, posing significant risks to organizational security and data integrity.
Technical Details
The vulnerability specifically affects users logged in with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin roles. Through a feature intended to change the favicon, an authenticated user can upload files with a .png extension. However, the mechanism does not correctly validate the file type, allowing the upload of malicious code instead of a legitimate image file. This flaw could be exploited after authentication, providing a pathway for attackers to gain elevated privileges within the system.
Impact of the Vulnerability
-
Privilege Escalation: Attackers can gain unauthorized administrative access, allowing them to manipulate configurations and sensitive data within the system.
-
Unrestricted Code Execution: The ability to upload malicious files could lead to arbitrary code execution, enabling further exploits within the network infrastructure.
-
Increased Attack Surface: With compromised administrative access, the threat actors can explore other vulnerabilities in the network, potentially leading to widespread system compromise and data breaches.
CISA has reported CVE-2024-39717
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed CVE-2024-39717 as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace as recent news articles suggest the vulnerability is being used by ransomware groups.
The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Director 21.2.2
Director 21.2.3 before 2024-06-21
Director 22.1.1
News Articles
TechRepublicCVE-2024-39717Volt Typhoon Hackers Exploit Zero-Day Vulnerability in Versa Director Servers Used by MSPs, ISPs
The Volt Typhoon hacking group has been caught exploiting a zero-day vulnerability in Versa Director servers..
Volt Typhoon exploiting Versa Director zero-day flaw | TechTarget
A Chinese nation-state threat group known as Volt Typhoon exploited a Versa Director zero-day vulnerability in attacks against U.S. organizations.
Help Net SecurityCVE-2024-39717Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) - Help Net Security
Hackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers.
References
EPSS Score
5% chance of being exploited in the next 30 days.
CVSS V3.1
Timeline
- 💰
Used in Ransomware
- 📈
Vulnerability started trending
- 📰
First article discovered by The Hacker News
- 👾
Exploit known to exist
- 🦅
CISA Reported
Vulnerability published