Versa fixes Director zero-day vulnerability exploited in attacks

Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by abusing an unrestricted file upload flaw in the Versa Director GUI.

Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, offering essential management, monitoring, and orchestration for Versa SASE's networking and security capabilities.

The flaw (CVE-2024-39717), tagged by Versa as a high-severity vulnerability in the software's "Change Favicon" feature, allows threat actors with administrator privileges to upload malicious files camouflaged as PNG images.

"This vulnerability allowed potentially malicious files to be uploaded by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges," Versa explains in a security advisory published on Monday.

"Impacted customers failed to implement system hardening and firewall guidelines mentioned above, leaving a management port exposed on the internet that provided the threat actors with initial access."

According to Versa, CVE-2024-39717 only impacts customers who have not implemented the system hardening requirements and firewall guidelines (available since 2017 and 2015, respectively).

Versa says it alerted partners and customers to review firewall requirements for Versa components on July 26 and notified them about this zero-day vulnerability exploited in attacks on August 9.

Exploited by APT actor "at least" once

The company says that the vulnerability has been exploited by an "Advanced Persistent Threat" (APT) actor in "at least" one attack.

Versa advises customers to apply the hardening measures and upgrade their Versa Director installations to the latest version to block incoming attacks. Customers can check whether the vulnerability has been exploited in their environment by inspecting the /var/versa/vnms/web/custom_logo/ folder for suspicious files that may have been uploaded.
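A defender-side check for the inspection step above, added here as an example rather than any tooling from Versa: it walks the custom_logo folder and flags files that are named .png but do not begin with the PNG signature, plus files whose extension the favicon feature would not be expected to write. The default path and the extension allow-list are assumptions, not values taken from the advisory.

```python
import os
from pathlib import Path

# Assumed default: the folder the advisory tells customers to inspect.
CUSTOM_LOGO_DIR = "/var/versa/vnms/web/custom_logo/"

# Every well-formed PNG file starts with this fixed 8-byte signature.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

# Assumption: a favicon upload feature should only ever store image files.
EXPECTED_EXTENSIONS = {".png", ".ico"}


def is_real_png(path):
    """Return True only if the file's first 8 bytes are the PNG signature."""
    with open(path, "rb") as fh:
        return fh.read(len(PNG_SIGNATURE)) == PNG_SIGNATURE


def scan_custom_logo(directory=CUSTOM_LOGO_DIR):
    """Return a sorted list of (path, reason) findings that deserve a closer look.

    A file is flagged when its name claims .png but its bytes do not, or when
    its extension is outside the set an image-upload feature should produce.
    Files that are too short to hold a signature are flagged as well.
    """
    findings = []
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            ext = Path(name).suffix.lower()
            if ext == ".png" and not is_real_png(path):
                findings.append((path, "named .png but lacks PNG signature"))
            elif ext not in EXPECTED_EXTENSIONS:
                findings.append((path, f"unexpected extension {ext or '(none)'}"))
    return sorted(findings)


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else CUSTOM_LOGO_DIR
    for found_path, reason in scan_custom_logo(target):
        print(f"SUSPICIOUS: {found_path}: {reason}")
```

Run it on the appliance (or on a copied-off tarball of the folder) and review every flagged file by hand; a clean result does not rule out other tampering, so it complements rather than replaces the hardening and upgrade steps.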

The Cybersecurity and Infrastructure Security Agency (CISA) also added the zero-day to its Known Exploited Vulnerabilities (KEV) catalog on Friday. As mandated by the November 2021 binding operational directive (BOD 22-01), federal agencies must secure vulnerable Versa Director instances on their networks by September 13.

"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned.

Versa Networks is a secure access service edge (SASE) vendor that provides services to thousands of customers with millions of users, including large enterprises (e.g., Adobe, Samsung, Verizon, Virgin Media, Comcast Business, Orange Business, Capital One, Barclays) and over 120 service providers worldwide.
