Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September

https://firewall.firm.in/wp-content/uploads/2024/08/cisa.png

Aug 24, 2024Ravie LakshmananVulnerability / Government Security

Versa Director Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has placed a security flaw impacting Versa Director to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation.

The medium-severity vulnerability, tracked as CVE-2024-39717 (CVSS score: 6.6), is case of file upload bug impacting the “Change Favicon” feature that could allow a threat actor to upload a malicious file by masquerading it as a seemingly harmless PNG image file.

“The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface,” CISA said in an advisory.

“The ‘Change Favicon’ (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .PNG extension disguised as an image.”

Cybersecurity

However, a successful exploitation is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges has successfully authenticated and logged in.

While the exact circumstances surrounding the exploitation of CVE-2024-39717 is unclear, a description of the vulnerability in the NIST National Vulnerability Database (NVD) states that Versa Networks is aware of one confirmed instance in which a customer was targeted.

“The Firewall guidelines which were published in 2015 and 2017 were not implemented by that customer,” the description states. “This non-implementation resulted in the bad actor being able to exploit this vulnerability without using the GUI.”

Federal Civilian Executive Branch (FCEB) agencies are required to take steps to protect against the flaw by applying vendor-provided fixes by September 13, 2024.

The development comes days after CISA added four security shortcomings from 2021 and 2022 to its KEV catalog –

  • CVE-2021-33044 (CVSS score: 9.8) – Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2021-33045 (CVSS score: 9.8) – Dahua IP Camera Authentication Bypass Vulnerability
  • CVE-2021-31196 (CVSS score: 7.2) – Microsoft Exchange Server Information Disclosure Vulnerability
  • CVE-2022-0185 (CVSS score: 8.4) – Linux Kernel Heap-Based Buffer Overflow Vulnerability

It’s worth noting that a China-linked threat actor codenamed UNC5174 (aka Uteus or Uetus) was attributed to the exploitation of CVE-2022-0185 by Google-owned Mandiant earlier this March.

Cybersecurity

CVE-2021-31196 was originally disclosed as part of a huge set of Microsoft Exchange Server vulnerabilities, collectively tracked as ProxyLogon, ProxyShell, ProxyToken, and ProxyOracle.

“CVE-2021-31196 has been observed in active exploitation campaigns, where threat actors target unpatched Microsoft Exchange Server instances,” OP Innovate said. “These attacks typically aim to gain unauthorized access to sensitive information, escalate privileges, or deploy further payloads such as ransomware or malware.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket