CVE-2024-39717

7.2 HIGH

📋 TL;DR

This vulnerability allows authenticated administrators in Versa Director to upload malicious files disguised as PNG images through the favicon customization feature. Because the uploaded file's type is not properly validated, an attacker holding such an account could execute arbitrary code on the system. Only accounts with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges can reach the vulnerable upload feature.

💻 Affected Systems

Products:
  • Versa Director
Versions: Versions prior to 24.1.0
Operating Systems: Not specified - likely appliance-based
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated admin access (Provider-Data-Center-Admin or Provider-Data-Center-System-Admin roles). Tenant users are not affected.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, data exfiltration, and lateral movement within the network.

🟠 Likely Case

File upload leading to web shell deployment, limited system access, and potential privilege escalation.

🟢 If Mitigated

Unauthorized file upload detected and blocked by security controls, with no successful exploitation.

🌐 Internet-Facing: HIGH - Versa Director management interfaces are often exposed to the internet for remote administration.
🏢 Internal Only: HIGH - Even internally, authenticated admin users could be compromised or malicious insiders could exploit this.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires valid admin credentials but the file upload mechanism is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 24.1.0 and later

Vendor Advisory: https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/

Restart Required: Yes

Instructions:

1. Back up the current configuration.
2. Download and install Versa Director version 24.1.0 or later from official sources.
3. Apply the update following vendor documentation.
4. Restart the system as required.
5. Verify the update was successful.

🔧 Temporary Workarounds

Restrict Admin Access

all

Limit Provider-Data-Center-Admin and Provider-Data-Center-System-Admin roles to only essential personnel and implement strict access controls.

Disable Favicon Upload

all

If possible, disable the favicon customization feature through configuration or administrative controls.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Versa Director management interfaces from critical systems
  • Deploy web application firewall (WAF) rules to block suspicious file uploads and monitor for exploitation attempts

🔍 How to Verify

Check if Vulnerable:

Check Versa Director version via GUI (System > About) or CLI. If version is below 24.1.0, the system is vulnerable.

Check Version:

show version (CLI) or check System > About in GUI

Verify Fix Applied:

Verify version is 24.1.0 or higher and test that file upload validation now properly restricts file types.

📡 Detection & Monitoring

Log Indicators:

  • Unusual file upload activity in application logs
  • Multiple failed upload attempts with different file extensions
  • Admin user uploading files through favicon customization feature

Network Indicators:

  • HTTP POST requests to favicon upload endpoints with non-image file contents
  • Unusual outbound connections from Versa Director system

SIEM Query:

source="versa_director" AND (event_type="file_upload" OR uri_path="/favicon/upload") AND file_extension!="png"
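The SIEM predicate above, applied to constructed upload log lines and paired with a content check that a file claiming to be a PNG actually starts with the PNG signature and an IHDR chunk; this is an added example, not Versa Director code, and the JSON log format and the hypothetical `leading_bytes_hex` field are assumptions.

```python
import json

# 8-byte PNG file signature defined by the PNG specification.
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def is_png(data: bytes) -> bool:
    """Content check: a genuine PNG begins with the fixed signature and its
    first chunk type (bytes 12-16) is IHDR. An extension or Content-Type
    header proves nothing, which is the weakness this advisory describes."""
    return (len(data) >= 16 and data.startswith(PNG_SIGNATURE)
            and data[12:16] == b"IHDR")

def matches_siem_query(event: dict) -> bool:
    """Same predicate as the advisory's SIEM query: source="versa_director"
    AND (event_type="file_upload" OR uri_path="/favicon/upload")
    AND file_extension!="png"."""
    return (event.get("source") == "versa_director"
            and (event.get("event_type") == "file_upload"
                 or event.get("uri_path") == "/favicon/upload")
            and event.get("file_extension") != "png")

def scan_upload_log(lines):
    """Return (event, reason) pairs for JSON log lines that match the SIEM
    query, or that claim a .png extension while the captured leading bytes
    are not PNG (a disguised upload the extension filter alone would miss)."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines rather than abort the scan
        if matches_siem_query(event):
            findings.append((event, "non-png extension on upload endpoint"))
            continue
        head = bytes.fromhex(event.get("leading_bytes_hex", ""))
        if event.get("file_extension") == "png" and head and not is_png(head):
            findings.append((event, "png extension but content is not PNG"))
    return findings

# Constructed sample log lines (not real Versa Director output). The
# 'leading_bytes_hex' field stands in for a hypothetical upload hook that
# records the first 16 bytes of every uploaded file.
SAMPLE_LOG = [
    '{"source":"versa_director","event_type":"file_upload","uri_path":"/favicon/upload","user":"pdc-admin","file_extension":"png","leading_bytes_hex":"89504e470d0a1a0a0000000d49484452"}',
    '{"source":"versa_director","event_type":"file_upload","uri_path":"/favicon/upload","user":"pdc-admin","file_extension":"html","leading_bytes_hex":"3c68746d6c3e"}',
    '{"source":"versa_director","event_type":"file_upload","uri_path":"/favicon/upload","user":"pdc-admin","file_extension":"png","leading_bytes_hex":"47494638396100"}',
    'not json at all',
]
```

The third sample line is the case the page's SIEM query alone cannot catch: the extension is `png`, so only the content check flags it.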
