Versa Networks has patched a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI.
Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, providing essential management, monitoring, and orchestration for Versa SASE's networking and security capabilities.
The flaw (CVE-2024-39717), tagged by Versa as a high-severity vulnerability in the software's "Change Favicon" feature, allows threat actors with administrator privileges to upload malicious files disguised as PNG images.
"This vulnerability allowed potentially malicious files to be uploaded by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges," Versa explains in a security advisory published on Monday.
"Impacted customers failed to implement system hardening and firewall guidelines mentioned above, leaving a management port exposed on the internet that provided the threat actors with initial access."
According to Versa, CVE-2024-39717 only impacts customers who have not implemented the system hardening requirements and firewall guidelines (available since 2017 and 2015, respectively).
Versa says it alerted partners and customers to review firewall requirements for Versa components on July 26 and notified them about this zero-day vulnerability being exploited in attacks on August 9.
Exploited by APT actor "at least" once
The company says that the vulnerability had been exploited by an "Advanced Persistent Threat" (APT) actor in "at least" one attack.
Versa advises customers to apply the hardening measures and upgrade their Versa Director installations to the latest version to block incoming attacks. Customers can check whether the vulnerability has been exploited in their environments by inspecting the /var/versa/vnms/web/custom_logo/ folder for suspicious files that might have been uploaded.
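The advisory's check boils down to one question: does every file in the custom-logo folder actually contain a PNG image? The script below is an added example, not Versa's own code or tooling: it scans a directory for entries whose extension or leading bytes do not match a genuine PNG (the disguise the flaw relied on), and it also shows the kind of content validation an upload handler can apply so a mis-named file is rejected before it is written. The directory, file names and file contents it uses are constructed for the demonstration; `validate_favicon_upload` is a hypothetical handler, not a Versa Director API.

```python
"""
Added example (not Versa's code): flag non-PNG files in a custom-logo style
directory, and show the content check an upload handler can apply so a file
disguised as a PNG is refused. All paths and sample files are constructed.
"""
import os
import tempfile
from pathlib import Path

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"  # first 8 bytes of every valid PNG file
ALLOWED_SUFFIXES = {".png"}


def is_png(data: bytes) -> bool:
    """True only if the bytes start with the PNG signature and an IHDR chunk."""
    # Every PNG begins with the 8-byte signature followed by the IHDR chunk:
    # a 4-byte length (always 13) and the chunk type b"IHDR".
    return (
        len(data) >= 16
        and data[:8] == PNG_SIGNATURE
        and data[8:12] == b"\x00\x00\x00\x0d"
        and data[12:16] == b"IHDR"
    )


def validate_favicon_upload(filename: str, data: bytes) -> None:
    """Hypothetical hardened check for a favicon/logo upload handler.

    Raises ValueError unless both the name and the bytes say PNG, so the
    caller never writes a disguised file to disk.
    """
    if "/" in filename or "\\" in filename or ".." in filename:
        raise ValueError("filename must be a plain name, not a path")
    suffix = Path(filename).suffix.lower()
    if suffix not in ALLOWED_SUFFIXES:
        raise ValueError(f"extension {suffix!r} not allowed")
    if not is_png(data):
        raise ValueError("content is not a PNG image")


def find_suspicious_files(directory: str) -> list[str]:
    """Return names in `directory` that are not genuine PNG files.

    Mirrors the manual check from the advisory: anything in the logo folder
    whose extension or bytes do not form a PNG deserves a closer look.
    """
    suspicious = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            suspicious.append(entry.name)  # symlinks or subdirs do not belong here
            continue
        with open(entry.path, "rb") as fh:
            head = fh.read(16)
        bad_name = Path(entry.name).suffix.lower() not in ALLOWED_SUFFIXES
        if bad_name or not is_png(head):
            suspicious.append(entry.name)
    return suspicious


def build_sample_dir() -> str:
    """Create a constructed logo directory: one clean PNG, one non-image file
    named .png, and one valid PNG stored under a non-image extension."""
    root = tempfile.mkdtemp(prefix="custom_logo_")
    good = PNG_SIGNATURE + b"\x00\x00\x00\x0dIHDR" + b"\x00" * 13
    files = {
        "favicon.png": good,                      # genuine PNG, expected
        "logo.png": b"constructed non-image bytes",  # PNG name, wrong content
        "favicon.jsp": good,                      # PNG content, wrong name
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    sample = build_sample_dir()
    print("suspicious:", find_suspicious_files(sample))  # ['favicon.jsp', 'logo.png']
```

Run it against a copy of the real folder by calling `find_suspicious_files("/path/to/custom_logo")`; a signature check on the first 16 bytes is deliberately cheap, so it can be scheduled as a recurring integrity check rather than a one-off, and any hit should be preserved for forensics rather than deleted.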
The Cybersecurity and Infrastructure Security Agency (CISA) also added the zero-day to its Known Exploited Vulnerabilities (KEV) catalog on Friday. As mandated by the November 2021 binding operational directive (BOD 22-01), federal agencies must secure vulnerable Versa Director instances on their networks by September 13.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned.
Versa Networks is a secure access service edge (SASE) vendor that provides services to thousands of customers with millions of users, including large enterprises (e.g., Adobe, Samsung, Verizon, Virgin Media, Comcast Business, Orange Business, Capital One, Barclays) and over 120 service providers worldwide.