4 vulnerabilities found for Versa
CVE-2025-34025 (GCVE-0-2025-34025)
Vulnerability from cvelistv5
Published
2025-05-21 22:11
Modified
2025-11-28 19:43
CWE
- CWE-732 - Incorrect Permission Assignment for Critical Resource
Summary
The Versa Concerto SD-WAN orchestration platform is vulnerable to a privilege escalation and container escape vulnerability caused by unsafe default mounting of host binary paths, which allows the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T03:56:02.808Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"web-service Container"
],
"product": "Concerto",
"vendor": "Versa",
"versions": [
{
"lessThanOrEqual": "12.2.0",
"status": "affected",
"version": "12.1.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:versa:concerto:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.2.0",
"versionStartIncluding": "12.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "sponsor",
"value": "ProjectDiscovery"
},
{
"lang": "en",
"type": "finder",
"value": "Harsh Jaiswal"
},
{
"lang": "en",
"type": "finder",
"value": "Rahul Maini"
},
{
"lang": "en",
"type": "finder",
"value": "Parth Malhotra"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.\u003cp\u003eThis issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.\u003c/p\u003e"
}
],
"value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an privileges escalation and container escape vulnerability caused by unsafe default mounting of host binary paths that allow the container to modify host paths. The escape can be used to trigger remote code execution or direct host access depending on the host operating system configuration.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-480",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-480 Escaping Virtualization"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:43:04.692Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit",
"mitigation"
],
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Versa Concerto Insecure Docker Mount Container Escape",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34025",
"datePublished": "2025-05-21T22:11:32.081Z",
"dateReserved": "2025-04-15T19:15:22.545Z",
"dateUpdated": "2025-11-28T19:43:04.692Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34026 (GCVE-0-2025-34026)
Vulnerability from cvelistv5
Published
2025-05-21 22:04
Modified
2025-11-28 19:42
CWE
- CWE-288 - Authentication Bypass Using an Alternate Path or Channel
Summary
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34026",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-22T15:21:53.580126Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-22T15:22:26.869Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Traefik"
],
"product": "Concerto",
"vendor": "Versa",
"versions": [
{
"lessThanOrEqual": "12.2.0",
"status": "affected",
"version": "12.1.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:versa:concerto:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.2.0",
"versionStartIncluding": "12.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "sponsor",
"value": "ProjectDiscovery"
},
{
"lang": "en",
"type": "finder",
"value": "Harsh Jaiswal"
},
{
"lang": "en",
"type": "finder",
"value": "Rahul Maini"
},
{
"lang": "en",
"type": "finder",
"value": "Parth Malhotra"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.\u003cp\u003eThis issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.\u003c/p\u003e"
}
],
"value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs.This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-131",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-131 Resource Leak Exposure"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "LOW",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:L/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-288",
"description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:42:27.561Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit",
"mitigation"
],
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Versa Concerto Actuator Authentication Bypass Information Leak",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34026",
"datePublished": "2025-05-21T22:04:58.832Z",
"dateReserved": "2025-04-15T19:15:22.545Z",
"dateUpdated": "2025-11-28T19:42:27.561Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-34027 (GCVE-0-2025-34027)
Vulnerability from cvelistv5
Published
2025-05-21 21:58
Modified
2025-11-28 19:43
CWE
- CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Summary
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write, in combination with a race condition, to manipulate path loading, allowing an unauthenticated actor to achieve remote code execution (RCE). This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
References
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-34027",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-27T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-28T03:56:04.254Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unknown",
"modules": [
"Traefik"
],
"product": "Concerto",
"vendor": "Versa",
"versions": [
{
"lessThanOrEqual": "12.2.0",
"status": "affected",
"version": "12.1.2",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:versa:concerto:*:*:*:*:*:*:*:*",
"versionEndIncluding": "12.2.0",
"versionStartIncluding": "12.1.2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"credits": [
{
"lang": "en",
"type": "sponsor",
"value": "ProjectDiscovery"
},
{
"lang": "en",
"type": "finder",
"value": "Harsh Jaiswal"
},
{
"lang": "en",
"type": "finder",
"value": "Rahul Maini"
},
{
"lang": "en",
"type": "finder",
"value": "Parth Malhotra"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).\u003cp\u003eThis issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.\u003c/p\u003e"
}
],
"value": "The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing at attacker to access administrative endpoints. The Spack upload endpoint can be leveraged for a Time-of-Check to Time-of-Use (TOCTOU) write in combination with a race condition to achieve remote code execution via path loading manipulation, allowing an unauthenticated actor to achieve remote code execution (RCE).This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
},
{
"capecId": "CAPEC-29",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:H/SI:H/SA:L",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-367",
"description": "CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-28T19:43:34.727Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"exploit",
"mitigation"
],
"url": "https://projectdiscovery.io/blog/versa-concerto-authentication-bypass-rce"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Versa Concerto Authentication Bypass File Write Remote Code Execution",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2025-34027",
"datePublished": "2025-05-21T21:58:31.698Z",
"dateReserved": "2025-04-15T19:15:22.545Z",
"dateUpdated": "2025-11-28T19:43:34.727Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-39717 (GCVE-0-2024-39717)
Vulnerability from cvelistv5
Published
2024-08-22 18:47
Modified
2025-10-21 22:55
Summary
The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available to a user logged in with the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role (tenant-level users do not have this privilege). The "Change Favicon" (Favorite Icon) option can be misused to upload a malicious file with a .png extension that masquerades as an image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:versa-networks:versa_director:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "versa_director",
"vendor": "versa-networks",
"versions": [
{
"status": "affected",
"version": "21.2.2"
},
{
"lessThan": "21.2.3_2024-06-21",
"status": "affected",
"version": "21.2.3",
"versionType": "custom"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"lessThan": "22.1.2_2024-06-21",
"status": "affected",
"version": "22.1.2",
"versionType": "custom"
},
{
"lessThan": "22.1.3_2024-06-21",
"status": "affected",
"version": "22.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:versa-networks:versa_director:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "versa_director",
"vendor": "versa-networks",
"versions": [
{
"status": "affected",
"version": "21.2.2"
},
{
"lessThan": "21.2.3_2024-06-21",
"status": "affected",
"version": "21.2.3",
"versionType": "custom"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"lessThan": "22.1.2_2024-06-21",
"status": "affected",
"version": "22.1.2",
"versionType": "custom"
},
{
"lessThan": "22.1.3_2024-06-21",
"status": "affected",
"version": "22.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:versa-networks:versa_director:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "versa_director",
"vendor": "versa-networks",
"versions": [
{
"status": "affected",
"version": "21.2.2"
},
{
"lessThan": "21.2.3_2024-06-21",
"status": "affected",
"version": "21.2.3",
"versionType": "custom"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"lessThan": "22.1.2_2024-06-21",
"status": "affected",
"version": "22.1.2",
"versionType": "custom"
},
{
"lessThan": "22.1.3_2024-06-21",
"status": "affected",
"version": "22.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:versa-networks:versa_director:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "versa_director",
"vendor": "versa-networks",
"versions": [
{
"status": "affected",
"version": "21.2.2"
},
{
"lessThan": "21.2.3_2024-06-21",
"status": "affected",
"version": "21.2.3",
"versionType": "custom"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"lessThan": "22.1.2_2024-06-21",
"status": "affected",
"version": "22.1.2",
"versionType": "custom"
},
{
"lessThan": "22.1.3_2024-06-21",
"status": "affected",
"version": "22.1.3",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:versa-networks:versa_director:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "versa_director",
"vendor": "versa-networks",
"versions": [
{
"status": "affected",
"version": "21.2.2"
},
{
"lessThan": "21.2.3_2024-06-21",
"status": "affected",
"version": "21.2.3",
"versionType": "custom"
},
{
"status": "affected",
"version": "22.1.1"
},
{
"lessThan": "22.1.2_2024-06-21",
"status": "affected",
"version": "22.1.2",
"versionType": "custom"
},
{
"lessThan": "22.1.3_2024-06-21",
"status": "affected",
"version": "22.1.3",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-39717",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-04T03:55:40.372703Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-08-23",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-39717"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:46.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-39717"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-08-23T00:00:00+00:00",
"value": "CVE-2024-39717 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Director",
"vendor": "Versa",
"versions": [
{
"lessThanOrEqual": "21.2.2",
"status": "affected",
"version": "21.2.2",
"versionType": "custom"
},
{
"lessThan": "21.2.3 before 2024-06-21",
"status": "affected",
"version": "21.2.3 before 2024-06-21",
"versionType": "custom"
},
{
"lessThanOrEqual": "22.1.1",
"status": "affected",
"version": "22.1.1",
"versionType": "custom"
},
{
"lessThanOrEqual": "22.1.2 before 2024-06-21",
"status": "affected",
"version": "22.1.2 before 2024-06-21",
"versionType": "custom"
},
{
"lessThanOrEqual": "22.1.3 before 2024-06-21",
"status": "affected",
"version": "22.1.3 before 2024-06-21",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The \u201cChange Favicon\u201d (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-27T15:49:41.227Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"url": "https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2024-39717",
"datePublished": "2024-08-22T18:47:12.171Z",
"dateReserved": "2024-06-28T01:04:08.821Z",
"dateUpdated": "2025-10-21T22:55:46.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}