Thursday, April 3, 2025

The Cybersecurity and Infrastructure Security Agency (CISA) has directed federal agencies to patch the Versa Director vulnerability by September 13, 2024.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw affecting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is a file upload bug in the product’s “Change Favicon” feature. It allows an attacker to upload a malicious file disguised as a legitimate PNG image.

CISA describes the issue as an unrestricted upload of a file with a dangerous type in the Versa Director GUI, which lets administrators with elevated privileges customize the user interface.

The ‘Change Favicon’ feature lets such users upload a custom .png image. That capability can be abused to upload a malicious file that carries a .PNG extension and is disguised as an innocuous picture.

These requirements narrow the attack surface but do not remove it: exploitation is still possible once a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges has authenticated and logged in.
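The weakness described above is that the upload is accepted on the strength of its file extension rather than its contents. The following Python block is an added example, not Versa’s code, and assumes nothing about how Versa Director itself handles the favicon; it contrasts an extension-only check with a content check that walks the PNG chunk structure, verifies each chunk CRC and rejects any bytes trailing the IEND chunk (the polyglot trick of appending a script to a real image). The sample PNG and the sample script payload are constructed inline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_minimal_png(width: int = 1, height: int = 1) -> bytes:
    """Build a small, valid 8-bit RGB PNG (constructed sample input)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    # One filter byte (0 = None) followed by width*3 bytes per scanline.
    raw = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return (PNG_SIGNATURE
            + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw))
            + _chunk(b"IEND", b""))


# Constructed samples: a real favicon-sized image and a generic server-side
# script stub standing in for whatever an attacker would actually upload.
SAMPLE_PNG = make_minimal_png()
SAMPLE_SCRIPT = b"<% /* constructed placeholder for an uploaded script */ %>\n"


def accept_by_extension(filename: str) -> bool:
    """The weak check: trusts the client-supplied file name."""
    return filename.lower().endswith(".png")


def accept_by_content(data: bytes, max_bytes: int = 64 * 1024) -> bool:
    """Hardened check: signature, well-formed chunks, valid CRCs, IHDR first,
    IEND last, and nothing after IEND. Size cap assumed for a favicon."""
    if len(data) > max_bytes or not data.startswith(PNG_SIGNATURE):
        return False
    pos = len(PNG_SIGNATURE)
    first = True
    while pos < len(data):
        if pos + 8 > len(data):
            return False
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        # Chunk type must be four ASCII letters per the PNG spec.
        if not all(65 <= b <= 90 or 97 <= b <= 122 for b in ctype):
            return False
        body = data[pos + 8:pos + 8 + length]
        crc_field = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_field) != 4:
            return False
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != struct.unpack(">I", crc_field)[0]:
            return False
        if first and ctype != b"IHDR":
            return False
        first = False
        pos += 12 + length
        if ctype == b"IEND":
            # Anything after IEND is not image data: reject polyglots.
            return pos == len(data)
    return False  # ran out of bytes without an IEND chunk


if __name__ == "__main__":
    print("extension check, shell.png:", accept_by_extension("shell.png"))
    print("content check, real PNG:", accept_by_content(SAMPLE_PNG))
    print("content check, script:", accept_by_content(SAMPLE_SCRIPT))
    print("content check, PNG+script:", accept_by_content(SAMPLE_PNG + SAMPLE_SCRIPT))
```

Content validation is one layer; the server should also store uploads outside any path the application executes from and serve them with a fixed image content type, so that even a file that passes the check cannot be reached as code.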

While the specifics of how CVE-2024-39717 is being exploited remain unclear, the vulnerability description in the NIST National Vulnerability Database (NVD) states that Versa Networks is aware of one confirmed instance in which a customer was targeted.

“This customer did not implement the firewall guidelines previously published in 2015 and 2017,” the description states. That omission allowed a malicious actor to exploit the weakness without interacting with the graphical user interface.

Federal Civilian Executive Branch (FCEB) agencies are required to apply the vendor-provided patches by September 13, 2024.

The development comes days after CISA added four security flaws from 2021 and 2022 to the Known Exploited Vulnerabilities (KEV) catalog:

  • Dahua IP Camera Authentication Bypass Vulnerability (CVSS score: 9.8)
  • A second Dahua IP Camera Authentication Bypass Vulnerability (critical severity)
  • CVE-2021-31196 – Microsoft Exchange Server Information Disclosure Vulnerability (CVSS score: 7.2)
  • CVE-2022-0185 – Linux Kernel Heap-Based Buffer Overflow Vulnerability (CVSS score: 8.4)

It’s worth noting that the exploitation of CVE-2022-0185 by UNC5174, a China-linked threat actor also tracked as Uteus or Uetus, was disclosed by Google-owned Mandiant in March.

CVE-2021-31196 belongs to the broad set of Microsoft Exchange Server vulnerabilities that also includes the ProxyLogon, ProxyShell, ProxyToken and ProxyOracle flaws.

“Cybersecurity experts at OP Innovate have detected a surge in attacks targeting unpatched Microsoft Exchange Server instances, with the highly-exploitable CVE-2021-31196 vulnerability being actively exploited by malicious actors.” “These attacks typically aim to achieve unauthorized access to sensitive data, elevate privileges, or deliver additional payloads such as ransomware or malware.”

