August 26, 2024 at 12:16PM
Versa Networks resolved a zero-day vulnerability through a security update after detecting its exploitation. The flaw impacted the Versa Director platform and could be leveraged by threat actors to upload corrupted files. The company urged affected customers to enhance system security and update their installations to protect against potential attacks.
The meeting notes outline that Versa Networks has addressed a zero-day vulnerability in Versa Director GUI that allowed attackers to upload malicious files by exploiting an unrestricted file upload flaw. The flaw, identified as CVE-2024-39717, is considered a high-severity vulnerability and impacts users with specific admin privileges. It has been exploited in at least one attack by an Advanced Persistent Threat (APT) actor.
Impacted customers failed to implement system hardening and firewall guidelines, leaving a management port exposed on the internet, thus providing threat actors with initial access. Versa advised customers to apply hardening measures and upgrade their Versa Director installations to block incoming attacks. They also recommended inspecting the /var/versa/vnms/web/custom_logo/ folder for suspicious files that might have been uploaded.
In response to the vulnerability, the Cybersecurity and Infrastructure Security Agency (CISA) added it to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies were mandated to secure vulnerable Versa Director instances on their networks by September 13, as per the November 2021 binding operational directive (BOD 22-01).
Overall, the notes emphasize the importance of implementing system hardening and firewall guidelines, upgrading Versa Director installations, and inspecting for potentially exploited vulnerabilities.