August 26, 2024 By Sergiu Gatlan
Versa Networks has fixed a zero-day vulnerability exploited in the wild: an unrestricted file upload flaw in the Versa Director GUI that allows attackers to upload malicious files.
Versa Director is a platform designed to help managed service providers simplify the design, automation, and delivery of SASE services, offering essential management, monitoring, and orchestration for Versa SASE's networking and security capabilities.
The flaw (CVE-2024-39717), tagged by Versa as a high-severity vulnerability in the software's "Change Favicon" feature, allows threat actors with administrator privileges to upload malicious files camouflaged as PNG images.
"This vulnerability allowed potentially malicious files to be uploaded by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges," Versa explains in a security advisory published on Monday.