CVE-2024-39717
CVSS 3.1 Score 7.2 of 10 (high)
Details
Summary
CVE-2024-39717 is a vulnerability affecting the Versa Director GUI. It allows users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to upload a malicious .png file under the guise of changing the favicon. This exploit is possible after successful authentication and login. The user interface customization feature, including the "Change Favicon" option, is only accessible to these privileged users, making tenant level users immune to this attack. This vulnerability poses a risk for potential image file manipulation and subsequent security breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Versa Director
Affected Vendors
- Versa Networks Inc.