← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-39717 — Actively Exploited: Director (Versa)

The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can b

CVE IDCVE-2024-39717
VendorVersa
ProductDirector
Vulnerability nameVersa Director Dangerous File Type Upload Vulnerability
Date added2024-08-23
Remediation due2024-09-13
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionThe Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an ima
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →