216.73.217.64

CVE-2024-39717

· Published 22/08/2024 19:15 · Modified 28/08/2024 19:47

Labels: CVE-2024-39717 2024-08-22CVE-2024-39717CWE-434[email protected]

Essential information

Published
22/08/2024 19:15
Modified
28/08/2024 19:47
Author
Creator
CVSS
7.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CVSS metrics

Description

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.

NVD status

Status
Analyzed — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
versa-networks / versa director cpe:2.3:a:versa-networks:versa_director:21.2.2:*:*:*:*:*:*:*
versa-networks / versa director cpe:2.3:a:versa-networks:versa_director:21.2.3:*:*:*:*:*:*:*
versa-networks / versa director cpe:2.3:a:versa-networks:versa_director:22.1.1:*:*:*:*:*:*:*
versa-networks / versa director cpe:2.3:a:versa-networks:versa_director:22.1.2:*:*:*:*:*:*:*
versa-networks / versa director cpe:2.3:a:versa-networks:versa_director:22.1.3:*:*:*:*:*:*:*

References