Versa Networks has patched a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by abusing an unrestricted file upload flaw in the Versa Director GUI.
Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, providing essential management, monitoring, and orchestration for Versa SASE's networking and security capabilities.
The flaw (CVE-2024-39717), tagged by Versa as a high-severity vulnerability in the software's "Change Favicon" feature, allows threat actors with administrator privileges to upload malicious files disguised as PNG images.
"This vulnerability allowed potentially malicious files to be uploaded by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges," Versa explains in a security advisory published on Monday.
"Impacted customers failed to implement system hardening and firewall guidelines mentioned above, leaving a management port exposed on the internet that provided the threat actors with initial access."
According to Versa, CVE-2024-39717 only affects customers who have not implemented system hardening requirements and firewall guidelines (available since 2017 and 2015).
Versa says it alerted partners and customers to review firewall requirements for Versa components on July 26 and notified them about this zero-day vulnerability exploited in attacks on August 9.
Exploited by APT actor "at least" once
The company says that the vulnerability had been exploited by an "Advanced Persistent Threat" (APT) actor in "at least" one attack.
Versa advises customers to apply hardening measures and upgrade their Versa Director installations to the latest version to block incoming attacks. Customers can check whether the vulnerability has been exploited in their environments by inspecting the /var/versa/vnms/web/custom_logo/ folder for suspicious files that may have been uploaded.
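As an added example (not code from Versa or from the article), a small Python triage script that performs that inspection: it walks the custom_logo directory and flags any file whose extension and PNG signature do not agree, or that is not an image at all. The directory path is the one named in the advisory; the sample files it builds for a demo run are constructed.

```python
"""Added triage helper: flag files in the favicon upload directory that are
not genuine PNG images (e.g. a non-image file renamed to .png)."""
import os
import tempfile

# Directory named in the Versa advisory as the place uploaded favicons land.
CUSTOM_LOGO_DIR = "/var/versa/vnms/web/custom_logo/"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"  # 8-byte signature every valid PNG starts with

def classify_file(path):
    """Return None for a genuine .png, otherwise a short reason string."""
    with open(path, "rb") as fh:
        head = fh.read(len(PNG_MAGIC))
    ext = os.path.splitext(path)[1].lower()
    if head == PNG_MAGIC and ext == ".png":
        return None
    if head == PNG_MAGIC:
        return "PNG content stored with unexpected extension %r" % ext
    if ext == ".png":
        return "extension .png but header %r is not a PNG signature" % head
    return "non-image file in favicon upload directory"

def scan_custom_logo(directory=CUSTOM_LOGO_DIR):
    """Walk the directory; return {relative path: reason} for suspect files."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            reason = classify_file(full)
            if reason is not None:
                findings[os.path.relpath(full, directory)] = reason
    return findings

def build_demo_dir():
    """Constructed samples (not real uploads): one genuine PNG header,
    one non-image file renamed to .png, one stray text file."""
    d = tempfile.mkdtemp(prefix="custom_logo_demo_")
    with open(os.path.join(d, "favicon.png"), "wb") as fh:
        fh.write(PNG_MAGIC + b"\x00" * 16)
    with open(os.path.join(d, "logo.png"), "wb") as fh:
        fh.write(b"<html>constructed non-image content</html>")
    with open(os.path.join(d, "readme.txt"), "wb") as fh:
        fh.write(b"constructed stray file")
    return d

if __name__ == "__main__":
    target = CUSTOM_LOGO_DIR if os.path.isdir(CUSTOM_LOGO_DIR) else build_demo_dir()
    for rel, why in sorted(scan_custom_logo(target).items()):
        print("SUSPECT %s: %s" % (rel, why))
```

A flagged file is an indicator to investigate, not proof of compromise on its own.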
The Cybersecurity and Infrastructure Security Agency (CISA) also added the zero-day to its Known Exploited Vulnerabilities (KEV) catalog on Friday. As mandated by the November 2021 binding operational directive (BOD 22-01), federal agencies must secure vulnerable Versa Director instances on their networks by September 13.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned.
Versa Networks is a secure access service edge (SASE) vendor that provides services to thousands of customers with millions of users, including large enterprises (e.g., Adobe, Samsung, Verizon, Virgin Media, Comcast Business, Orange Business, Capital One, Barclays) and over 120 service providers worldwide.