Versa Networks has patched a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI.
Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, providing essential management, monitoring, and orchestration for Versa SASE’s networking and security capabilities.
The flaw (CVE-2024-39717), tagged by Versa as a high-severity vulnerability in the software’s “Change Favicon” feature, allows threat actors with administrator privileges to upload malicious files camouflaged as PNG images.
“This vulnerability allowed potentially malicious files to be uploaded by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges,” Versa explains in a security advisory published on Monday.
“Impacted customers failed to implement system hardening and firewall guidelines mentioned above, leaving a management port exposed on the internet that provided the threat actors with initial access.”
According to Versa, CVE-2024-39717 only impacts customers who have not implemented the system hardening requirements and firewall guidelines (available since 2017 and 2015).
Versa says it alerted partners and customers to review firewall requirements for Versa components on July 26 and notified them about this zero-day vulnerability exploited in attacks on August 9.
Exploited by APT actor “at least” once
The company says that the vulnerability had been exploited by an “Advanced Persistent Threat” (APT) actor in “at least” one attack.
Versa advises customers to apply hardening measures and upgrade their Versa Director installations to the latest version to block incoming attacks. Customers can check whether the vulnerability has been exploited in their environments by inspecting the /var/versa/vnms/web/custom_logo/ folder for suspicious files that may have been uploaded.
The Cybersecurity and Infrastructure Security Agency (CISA) also added the zero-day to its Known Exploited Vulnerabilities (KEV) catalog on Friday. As mandated by the November 2021 binding operational directive (BOD 22-01), federal agencies must secure vulnerable Versa Director instances on their networks by September 13.
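As an added example (not code from Versa or from the article), the script below applies the check described above from the defender's side: it walks the logo directory and flags anything that is not a plain PNG favicon. The directory path is the one named by Versa; the individual checks (PNG signature, extension, executable bit, symlinks) are assumptions about what a legitimate favicon upload should look like.

```python
import os
import stat
import sys

# Directory Versa names as the place to look for uploaded files.
CUSTOM_LOGO_DIR = "/var/versa/vnms/web/custom_logo/"

# Every valid PNG file starts with this fixed 8-byte signature.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def inspect_file(path):
    """Return the reasons a file in the logo directory looks suspicious.
    An empty list means it looks like an ordinary PNG favicon."""
    reasons = []
    st = os.lstat(path)
    if stat.S_ISLNK(st.st_mode):
        return ["symbolic link instead of a regular file"]
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    if not path.lower().endswith(".png"):
        reasons.append("extension is not .png")
    with open(path, "rb") as fh:
        header = fh.read(len(PNG_SIGNATURE))
    if header != PNG_SIGNATURE:
        # A file disguised as an image but carrying other content fails here.
        reasons.append("content does not start with the PNG signature")
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("file is marked executable")
    return reasons


def find_suspicious_uploads(directory=CUSTOM_LOGO_DIR):
    """Walk the directory; return {relative_path: [reasons]} for each file
    that fails at least one check."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            full = os.path.join(root, name)
            reasons = inspect_file(full)
            if reasons:
                findings[os.path.relpath(full, directory)] = reasons
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else CUSTOM_LOGO_DIR
    for rel, reasons in sorted(find_suspicious_uploads(target).items()):
        print(rel)
        for reason in reasons:
            print(f"    - {reason}")
```

Run it on the appliance with the default path, or pass a copy of the directory taken during forensic collection as the first argument; an empty result means every file passed all checks, not that the host is clean.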
“These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise,” CISA warned.
Versa Networks is a secure access service edge (SASE) vendor that provides services to hundreds of customers with millions of users, including large enterprises (e.g., Adobe, Samsung, Verizon, Virgin Media, Comcast Business, Orange Business, Capital One, Barclays) and over 120 service providers worldwide.