CVE-2024-39717
Severity: HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Description
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available to a user logged in with the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role (tenant-level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be misused to upload a malicious file with a .png extension that masquerades as an image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges has successfully authenticated and logged in.
Analysis
Versa Director GUI contains a file upload vulnerability in the 'Change Favicon' functionality that allows an authenticated provider-level administrator to upload a non-image file disguised with a .png extension. It was exploited in the wild by Volt Typhoon (a Chinese APT) against ISPs.
Technical Context
The CWE-434 unrestricted file upload in the 'Change Favicon' feature validates only the file name, so it accepts executable content alongside legitimate image files as long as the name ends in .png. The feature requires Provider-Data-Center-Admin privileges, but in the observed intrusions those credentials had already been obtained through prior compromise of upstream systems, so the privilege requirement did not stop exploitation.
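The extension-only check described above, beside a content-validating replacement, as an added Python example. This is illustrative code written for this page, not Versa Director's own (Java) implementation; the function names, the size and dimension limits, and the sample inputs are assumptions constructed here. The strict validator walks the PNG chunk structure and checks every chunk CRC, so it also rejects a polyglot that is a valid PNG with script content appended after IEND, which a bare magic-byte check would let through.

```python
"""Favicon upload validation: the CWE-434 pattern beside a hardened form.
Added illustration for this page; not Versa Director's code."""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def weak_is_allowed(filename, data):
    """The vulnerable pattern: only the file name is checked, never the bytes.
    A web shell named favicon.png passes."""
    return filename.lower().endswith(".png")


def parse_png(data):
    """Walk the PNG chunk structure and return (width, height).
    Raises ValueError on: bad signature, truncated chunk, bad chunk CRC,
    first chunk not IHDR, or any bytes after IEND."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("missing PNG signature")
    pos = len(PNG_SIGNATURE)
    width = height = None
    first = True
    while True:
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header (no IEND reached)")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body_end = pos + 8 + length
        if body_end + 4 > len(data):
            raise ValueError("truncated chunk body")
        body = data[pos + 8:body_end]
        (crc,) = struct.unpack(">I", data[body_end:body_end + 4])
        if (zlib.crc32(ctype + body) & 0xFFFFFFFF) != crc:
            raise ValueError("bad CRC in chunk %r" % ctype)
        if first:
            if ctype != b"IHDR" or length != 13:
                raise ValueError("first chunk must be IHDR")
            width, height = struct.unpack(">II", body[:8])
            first = False
        pos = body_end + 4
        if ctype == b"IEND":
            break
    if pos != len(data):
        raise ValueError("trailing data after IEND")
    return width, height


def strict_is_allowed(filename, data, max_bytes=64 * 1024, max_dim=256):
    """Hardened check: extension AND a full structural parse of the content,
    plus size and dimension limits (limits are assumed values)."""
    if not filename.lower().endswith(".png"):
        return False
    if len(data) > max_bytes:
        return False
    try:
        width, height = parse_png(data)
    except ValueError:
        return False
    return 0 < width <= max_dim and 0 < height <= max_dim


def make_png(width, height):
    """Build a minimal valid 8-bit RGB PNG (constructed sample input)."""
    def chunk(ctype, body):
        crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    scanlines = b"".join(b"\x00" + b"\x00\x00\x00" * width for _ in range(height))
    return (PNG_SIGNATURE + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(scanlines)) + chunk(b"IEND", b""))


# Constructed inputs: a real icon, a non-image payload with a .png name,
# and a polyglot (valid PNG followed by script text).
GOOD_PNG = make_png(16, 16)
SCRIPT_PAYLOAD = b'<% out.println("not an image"); %>'  # harmless stand-in
POLYGLOT = GOOD_PNG + SCRIPT_PAYLOAD


def compare(filename, data):
    """Return (weak_result, strict_result) for one upload."""
    return weak_is_allowed(filename, data), strict_is_allowed(filename, data)


if __name__ == "__main__":
    for name, blob in [("favicon.png", GOOD_PNG), ("favicon.png", SCRIPT_PAYLOAD),
                       ("favicon.png", POLYGLOT)]:
        print(name, len(blob), "bytes -> weak/strict:", compare(name, blob))
```

Validating the bytes is only half of the fix: the accepted file should also be written under a server-chosen name into a directory that the application server does not execute from, so that even a future parser bypass yields a static file rather than a script.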
Affected Products
Versa Director GUI
Remediation
Apply the Versa security updates that address this issue. Audit Provider-Data-Center-Admin and Provider-Data-Center-System-Admin accounts for unauthorized access. Check Versa Director hosts for VersaMem web shell indicators. Restrict management-plane access to Versa Director to trusted sources.