CVE-2024-39717

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:versa-networks:versa_director:21.2.2:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:21.2.3:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.1:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.3:*:*:*:*:*:*:*

History

28 Aug 2024, 19:47

Type Values Removed Values Added
References () https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/ - () https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/ - Vendor Advisory

27 Aug 2024, 16:15

Type Values Removed Values Added
References
  • {'url': 'https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3', 'tags': ['Permissions Required'], 'source': 'support@hackerone.com'}
  • {'url': 'https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2', 'tags': ['Permissions Required'], 'source': 'support@hackerone.com'}
  • {'url': 'https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3', 'tags': ['Permissions Required'], 'source': 'support@hackerone.com'}
  • {'url': 'https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation', 'tags': ['Permissions Required'], 'source': 'support@hackerone.com'}
  • () https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/ -
Summary (en) The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in. Severity: HIGH Exploitation Status: Versa Networks is aware of one confirmed customer reported instance where this vulnerability was exploited because the Firewall guidelines which were published in 2015 & 2017 were not implemented by that customer. This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI. In our testing (not exhaustive, as not all numerical versions of major browsers were tested) the malicious file does not get executed on the client. There are reports of others based on backbone telemetry observations of a 3rd party provider, however these are unconfirmed to date. (en) The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.

26 Aug 2024, 17:21

Type Values Removed Values Added
First Time Versa-networks
Versa-networks versa Director
CPE cpe:2.3:a:versa-networks:versa_director:22.1.3:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:21.2.3:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.2:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:21.2.2:*:*:*:*:*:*:*
cpe:2.3:a:versa-networks:versa_director:22.1.1:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : 6.6
v2 : unknown
v3 : 7.2
References () https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3 - () https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3 - Permissions Required
References () https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2 - () https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2 - Permissions Required
References () https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3 - () https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3 - Permissions Required
References () https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation - () https://support.versa-networks.com/support/solutions/articles/23000026724-versa-director-ha-port-exploit-discovery-remediation - Permissions Required

23 Aug 2024, 17:35

Type Values Removed Values Added
CWE CWE-434

23 Aug 2024, 16:18

Type Values Removed Values Added
Summary
  • (es) La GUI de Versa Director ofrece una opción para personalizar la apariencia de la interfaz de usuario. Esta opción solo está disponible para un usuario que haya iniciado sesión con Provider-Data-Center-Admin o Provider-Data-Center-System-Admin. (Los usuarios de nivel de inquilino no tienen este privilegio). La opción "Cambiar Favicon" (icono favorito) se puede utilizar incorrectamente para cargar un archivo malicioso que termina con la extensión .png y se hace pasar por un archivo de imagen. Esto solo es posible después de que un usuario con Provider-Data-Center-Admin o Provider-Data-Center-System-Admin se haya autenticado e iniciado correctamente. Gravedad: ALTA Estado de explotación: Versa Networks tiene conocimiento de un caso confirmado que informó un cliente en el que esto La vulnerabilidad fue explotada porque ese cliente no implementó las pautas de firewall que se publicaron en 2015 y 2017. Esta no implementación resultó en que el mal actor pudiera explotar esta vulnerabilidad sin usar la GUI. En nuestras pruebas (no exhaustivas, ya que no se probaron todas las versiones numéricas de los principales navegadores), el archivo malicioso no se ejecuta en el cliente. Hay informes de otros basados en observaciones de telemetría troncal de un proveedor externo, sin embargo, estos no están confirmados hasta la fecha.

22 Aug 2024, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-08-22 19:15

Updated : 2024-08-28 19:47


NVD link : CVE-2024-39717

Mitre link : CVE-2024-39717

CVE.ORG link : CVE-2024-39717


JSON object : View

Products Affected

versa-networks

  • versa_director
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type