PT-2024-6031 · Versa · Versa Director

Published: 2024-08-22 · Updated: 2025-09-02 · CVE-2024-39717

CVSS v2.0: 9.0 (High) · AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Versa Director versions prior to 22.1.4
Description: Versa Director lets a user who holds the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role upload an arbitrary file through the "Change Favicon" option of the GUI. The upload is accepted on the strength of the .png file name rather than the file's contents, so a server-side executable payload disguised as a .png image is written to the Director host. The CVSS vector (complete loss of confidentiality, integrity and availability) reflects that this leads to code execution and full compromise of the Director. Exploitation requires an authenticated account with one of these two roles, so the flaw is a privilege-to-code-execution step rather than an unauthenticated entry point; it is serious because Director is the management plane for a Versa SD-WAN deployment, and an attacker who reaches it with such credentials gains a foothold on the system that manages the customer's network devices. A Chinese state-sponsored threat actor tracked as Volt Typhoon has exploited this vulnerability to deploy a custom web shell called VersaMem and harvest credentials, targeting internet service providers (ISPs) and managed service providers (MSPs) in the United States and other countries.
Recommendations: Upgrade to Versa Director version 22.1.4 or later. Until the upgrade is applied, restrict access to the "Change Favicon" option in the Versa Director GUI so that no account can reach the vulnerable upload, and review which accounts hold the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin roles, removing any that are not needed and rotating their credentials if compromise is suspected. Because exploitation needs an authenticated session on the Director management interface, that interface must not be reachable from the internet; apply Versa's published system hardening and firewall guidelines, which in particular restrict the Director-to-Director ports 4566 and 4570 to high-availability peers. Check existing Directors for signs of prior exploitation: uploaded favicon files whose content is not a PNG image, unexpected files in the web application's deployment directories, and any published VersaMem indicators the organisation has access to.
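The description and the interim check in the recommendations both turn on one point: the favicon upload accepted a file that merely carried a .png name. The following is an added example, not Versa's code and not the patched handler; its function names and sample inputs are constructed for this page. It places the extension-only check that an upload handler must not rely on beside a strict PNG acceptance check (signature, chunk structure, CRCs, IHDR first, IEND last, nothing after IEND) and a sanitizer that re-serializes only the critical chunks, which also covers the case the structural check alone misses: a payload smuggled inside an ancillary chunk such as tEXt. The same strict parser can be run over files already sitting in an upload location to find ones that were never really images.

```python
"""Added example (not Versa code): why a file-name check is not an upload
validator, and what strict PNG acceptance plus sanitization looks like."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
CRITICAL_CHUNKS = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialize one PNG chunk: length, type, data, CRC32 over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def make_png(extra_chunks=()) -> bytes:
    """Constructed sample: a 1x1 8-bit grayscale PNG, optionally with extra
    ancillary chunks inserted before IEND."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte 0 + one gray pixel
    out = PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat)
    for ctype, body in extra_chunks:
        out += _chunk(ctype, body)
    return out + _chunk(b"IEND", b"")


def weak_favicon_check(filename: str, data: bytes) -> bool:
    """The kind of check an upload handler must not rely on: the name alone.
    The payload in 'data' is never inspected."""
    return filename.lower().endswith(".png")


def parse_png(data: bytes, max_bytes: int = 256 * 1024):
    """Strictly parse a PNG. Returns (chunks, None) on success or
    (None, reason) on failure. Enforces the signature, IHDR first, IEND last,
    a valid CRC on every chunk, sane lengths and no bytes after IEND."""
    if len(data) > max_bytes:
        return None, "too large"
    if not data.startswith(PNG_SIGNATURE):
        return None, "missing PNG signature"
    pos = len(PNG_SIGNATURE)
    chunks = []
    while True:
        if pos + 8 > len(data):
            return None, "truncated chunk header"
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            return None, "truncated chunk data"
        if not ctype.isalpha():  # chunk types are four ASCII letters
            return None, "invalid chunk type"
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:end])
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            return None, "CRC mismatch in " + ctype.decode()
        if not chunks and (ctype != b"IHDR" or length != 13):
            return None, "IHDR must be first"
        chunks.append((ctype, body))
        pos = end
        if ctype == b"IEND":
            break
    if pos != len(data):
        return None, "trailing data after IEND"
    return chunks, None


def strict_png_check(data: bytes) -> tuple:
    """(accepted, reason) for an uploaded favicon body."""
    chunks, reason = parse_png(data)
    return (chunks is not None, reason or "ok")


def sanitize_png(data: bytes) -> bytes:
    """Re-serialize the image keeping only critical chunks, dropping tEXt,
    zTXt, iTXt and every other ancillary chunk where text could be hidden."""
    chunks, reason = parse_png(data)
    if chunks is None:
        raise ValueError(reason)
    return PNG_SIGNATURE + b"".join(_chunk(t, b) for t, b in chunks if t in CRITICAL_CHUNKS)


# Constructed samples for this example, not real attack artefacts.
VALID_PNG = make_png()
JSP_RENAMED = b'<%@ page language="java" %><% out.println("not an image"); %>'
POLYGLOT = VALID_PNG + JSP_RENAMED                              # appended after IEND
SMUGGLED = make_png([(b"tEXt", b"Comment\x00" + JSP_RENAMED)])  # hidden in metadata


def demo() -> dict:
    return {
        "weak_accepts_jsp": weak_favicon_check("favicon.png", JSP_RENAMED),
        "strict_jsp": strict_png_check(JSP_RENAMED),
        "strict_valid": strict_png_check(VALID_PNG),
        "strict_polyglot": strict_png_check(POLYGLOT),
        "strict_smuggled": strict_png_check(SMUGGLED),
        "sanitized_equals_clean": sanitize_png(SMUGGLED) == VALID_PNG,
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The strict parser rejects the renamed JSP and the appended-payload polyglot outright, but it accepts the file whose payload sits in a tEXt chunk, because that file is a structurally valid PNG; only re-serializing the critical chunks removes it. Even together these checks are an acceptance filter, not the fix: the server must also never store uploads where the application container will interpret them, and the vendor's patched release remains the remediation.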

Fix: Versa Director 22.1.4 or later

Weakness Enumeration: Unrestricted File Upload (CWE-434)

Related Identifiers

BDU:2024-06842
CVE-2024-39717

Affected Products

Versa Director