.webp "Vesra File Upload Vulnerability Allows Attackers to Gain System Administrator Access")
A critical vulnerability has been identified in Versa Director, a crucial component of the Versa SD-WAN solution, which puts users at risk of potential malicious activity. The vulnerability, officially designated as CVE-2024-39717, allows attackers to upload harmful files, granting them system administrator access.
This issue specifically impacts users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges, making it a serious concern for organizations utilizing Versa Director in their SD-WAN environments.
Exploitation of this vulnerability has been carried out by an Advanced Persistent Threat (APT) actor in at least one confirmed instance. Despite the difficulty in exploiting this vulnerability, it has been rated as “High” and poses a significant risk to Versa SD-WAN customers who have not followed the recommended system hardening and firewall guidelines provided by Versa Networks.
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its list of “Known Exploited Vulnerabilities,” emphasizing the urgency for users to take action to protect their systems.
The affected versions of Versa Director include 21.2.3, 22.1.2, and 22.1.3, highlighting the importance for users to upgrade to the remediated software versions to mitigate the vulnerability. The root cause of this vulnerability lies in the failure of impacted customers to adhere to Versa’s established system hardening and firewall guidelines, which have been in place since 2015 and 2017 respectively.
Versa Networks has released a patch to address the vulnerability and is actively working with customers to ensure the patch is applied, and that system hardening guidelines are properly implemented. Customers are strongly advised to follow the recommended actions to protect their systems:
1. Apply Hardening Best Practices: Review and implement Versa’s security hardening guidelines, including detailed instructions on firewall requirements and system hardening.
2. Upgrade Versa Director: Upgrade to one of the remediated software versions to mitigate the vulnerability.
3. Check for Exploitation: Inspect the /var/versa/vnms/web/custom_logo/ directory for any suspicious file uploads and verify their type using the command file -b –mime-type <.png file>.
Customers in need of assistance with patching, system hardening, or remediation can contact Versa Technical Support for guidance. Versa Networks remains steadfast in its commitment to customer security and urges all users to take immediate action to safeguard their systems against potential exploitation.