
CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.

The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is a file upload bug in the "Change Favicon" feature that could allow a threat actor to upload a malicious file by masquerading it as a seemingly innocuous PNG image file.

"The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface," CISA said in an advisory.

"The 'Change Favicon' (Favorite Icon) allows the upload of a .png file, which can be exploited to upload a malicious file with a .PNG extension disguised as an image."
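The weakness described above is that the upload is trusted because of its .png extension. As an added illustration (not code from Versa or CISA), the snippet below contrasts that extension-only check with a content-based validator that parses the PNG chunk structure, verifies every chunk CRC, and rejects files that carry extra bytes after the IEND chunk; the sample inputs are constructed inline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def extension_only_check(filename: str) -> bool:
    """The weak check: trusts whatever extension the client put on the upload."""
    return filename.lower().endswith(".png")


def is_valid_png(data: bytes, max_bytes: int = 256 * 1024) -> bool:
    """Content-based check: PNG signature, IHDR first, every chunk CRC valid,
    and the file ends exactly at IEND (no payload tacked on after the image)."""
    if len(data) > max_bytes or not data.startswith(PNG_SIGNATURE):
        return False
    pos, seen_ihdr = len(PNG_SIGNATURE), False
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        chunk_end = pos + 8 + length + 4  # length field + type + body + CRC
        if chunk_end > len(data):
            return False
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:chunk_end])
        if (zlib.crc32(ctype + body) & 0xFFFFFFFF) != crc:
            return False
        if not seen_ihdr:
            if ctype != b"IHDR" or length != 13:
                return False
            seen_ihdr = True
        if ctype == b"IEND":
            return chunk_end == len(data)  # anything after IEND is rejected
        pos = chunk_end
    return False  # ran out of bytes before reaching IEND


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk (used only to construct the sample below)."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


# Constructed sample: a genuine 1x1 grayscale PNG.
GOOD_PNG = (PNG_SIGNATURE
            + _chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
            + _chunk(b"IDAT", zlib.compress(b"\x00\x00"))
            + _chunk(b"IEND", b""))
# Constructed sample: non-image content that would be submitted as "favicon.png".
FAKE_PNG = b"<html>not an image</html>"
```

The extension check accepts both samples as long as the filename ends in .png; the content check accepts only the real image and also rejects a valid image with data appended after IEND.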


However, successful exploitation is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges has successfully authenticated and logged in.

While the exact circumstances surrounding the exploitation of CVE-2024-39717 are unclear, a description of the vulnerability in the NIST National Vulnerability Database (NVD) states that Versa Networks is aware of one confirmed instance in which a customer was targeted.


"The Firewall guidelines which were published in 2015 and 2017 were not implemented by that customer," the description states. "This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI."

Federal Civilian Executive Branch (FCEB) agencies are required to take steps to protect against the flaw by applying vendor-provided fixes by September 13, 2024.

The development comes days after CISA added four security shortcomings from 2021 and 2022 to its KEV catalog:

  • CVE-2021-33044 (CVSS score: 9.8) – Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2021-33045 (CVSS score: 9.8) – Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2021-31196 (CVSS score: 7.2) – Microsoft Exchange Server Information Disclosure Vulnerability
  • CVE-2022-0185 (CVSS score: 8.4) – Linux Kernel Heap-Based Buffer Overflow Vulnerability

It's worth noting that a China-linked threat actor codenamed UNC5174 (aka Uteus or Uetus) was attributed to the exploitation of CVE-2022-0185 by Google-owned Mandiant earlier this March.


CVE-2021-31196 was originally disclosed as part of a massive set of Microsoft Exchange Server vulnerabilities, collectively tracked as ProxyLogon, ProxyShell, ProxyToken, and ProxyOracle.

"CVE-2021-31196 has been observed in active exploitation campaigns, where threat actors target unpatched Microsoft Exchange Server instances," OP Innovate said. "These attacks typically aim to gain unauthorized access to sensitive information, escalate privileges, or deploy additional payloads such as ransomware or malware."
