Vulnerability in Versa Director Allows Total System Compromise

ISGroup Cybersecurity

A significant security vulnerability (CVE-2024-39717) in Versa Director allows users with elevated privileges to upload potentially malicious files to the system. According to reports from Versa Networks, the flaw is already being actively exploited. The U.S. government agency CISA urges immediate action to mitigate the risks.

ProductVersa Director
Date2024-08-29 15:30:52

Technical Summary

Versa Networks has issued an urgent advisory regarding a critical vulnerability (CVE-2024-39717) in Versa Director. This vulnerability allowed the upload of potentially malicious files by users with “Provider-Data-Center-Admin” or “Provider-Data-Center-System-Admin” privileges. The Cybersecurity and Infrastructure Security Agency (CISA) is urging immediate action due to evidence of active exploitation in real-world environments.

[Callforaction-THREAT-Footer]