CVE-2024-39717: Versa Director Dangerous File Type Upload Vulnerability.
Versa Director Dangerous File Type Upload Vulnerability. The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.
- CISA KEV-listed (remediation due 2024-09-13)
- EPSS 5.4% (90.3% percentile)