Wednesday, May 7, 2025
HomeCVE/vulnerabilityVesra File Type Upload Vulnerability Lets Attackers Gain Sys-Admin Access from MSP

Vesra File Type Upload Vulnerability Lets Attackers Gain Sys-Admin Access from MSP

Published on

SIEM as a Service

Follow Us on Google News

A critical vulnerability has been identified in Versa Director, a vital component of the company’s SD-WAN solution.

The vulnerability, officially designated as CVE-2024-39717, allows attackers to upload potentially malicious files, granting them system administrator access.

This issue explicitly affects users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges.

- Advertisement - Google News

Exploitation and Impact

An Advanced Persistent Threat (APT) actor has exploited the vulnerability in at least one known instance.

Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN -14-day free trial

Despite being difficult to manipulate, the vulnerability is rated “High.” It poses a significant risk to all Versa SD-WAN customers using Versa Director who have not adhered to the recommended system hardening and firewall guidelines.

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-39717 to its “Known Exploited Vulnerabilities” list, underscoring the seriousness of the threat.

Affected Systems and Versions

The following versions of Versa Director are affected:

VersionStatus
21.2.3Vulnerable
22.1.2Vulnerable
22.1.3Vulnerable

The root cause of the vulnerability lies in the failure of impacted customers to implement Versa’s established system hardening and firewall guidelines.

These guidelines, published in 2015 and 2017, respectively, are crucial for securing management ports and preventing unauthorized access.

Versa Networks has released a patch to address this vulnerability and is actively working with customers to ensure the patch is applied, and that system hardening guidelines are followed.

Recommended Actions for Versa Customers

  1. Apply Hardening Best Practices: Customers should review and implement Versa’s security hardening guidelines, which include detailed instructions on firewall requirements and system hardening.
  2. Upgrade Versa Director: It is essential to upgrade to one of the remediated software versions to mitigate the vulnerability.
  3. Check for Exploitation: Customers should inspect the /var/versa/vnms/web/custom_logo/ directory for any suspicious file uploads. Running the command file -b –mime-type <.png file> should confirm the file type as “image/png”.

Customers needing patching, system hardening, or remediation are encouraged to contact Versa Technical Support for guidance.

Versa Networks remains committed to its customers’ security and urges all users to take immediate action to protect their systems from potential exploitation.

Protect Your Business with Cynet Managed All-in-One Cybersecurity Platform – Try Free Trial

Divya
Divya
Divya is a Senior Journalist at GBhackers covering Cyber Attacks, Threats, Breaches, Vulnerabilities and other happenings in the cyber world.

Latest articles

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution,...

CISA Warns of Cyber Threats to Oil and Gas SCADA and ICS Networks

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new alert warning critical...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

PoC Tool Released to Detect Servers Affected by Critical Apache Parquet Vulnerability

F5 Labs has released a new proof-of-concept (PoC) tool designed to help organizations detect...

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025

The healthcare sector has emerged as a prime target for cyber attackers, driven by...

SysAid ITSM Vulnerabilities Enables Pre-Auth Remote Command Execution

Security researchers have disclosed a chain of critical vulnerabilities affecting SysAid ITSM’s On-Premise solution,...