CVE-2024-39717

Severity: HIGH · CISA KEV

Versa Director - Authenticated Unrestricted Upload of File with Dangerous Type via Favicon Customization


Exploitation Summary

CVE-2024-39717 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added August 23, 2024. EIP tracks 1 public exploit from researchers including ahays248.

AI-analyzed exploit summary: This repository provides an educational 3D visualization of the Volt Typhoon APT attack chain, focusing on CVE-2024-39717. It includes detailed technical documentation, attack simulations, and intelligence sources but does not contain functional exploit code.

Description

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available to a user logged in with the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role (tenant-level users do not have this privilege). The "Change Favicon" (Favorite Icon) option can be misused to upload a malicious file with a .png extension that masquerades as an image file. This is possible only after a user with the Provider-Data-Center-Admin or Provider-Data-Center-System-Admin role has successfully authenticated and logged in.

Exploits (1)

nomisec · Writeup · 1 star
by ahays248 · PoC
https://github.com/ahays248/VT_Viz


Classification: Writeup (95%)
Attack Type: Other
Complexity: Moderate
Reliability: Theoretical
Target: Versa Director (CVE-2024-39717)
Authentication: No auth needed
Prerequisites: Access to the target network · Knowledge of the attack chain
Analyzed by devstral-2 · Feb 18, 2026

Scores

CVSS v3: 7.2
EPSS: 0.0401
EPSS Percentile: 89.2%
Attack Vector: NETWORK
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC (Vulnrichment)

Exploitation: active
Automatable: no
Technical Impact: total

Details

CISA KEV: 2024-08-23
VulnCheck KEV: 2024-08-23
InTheWild.io: 2024-08-23
ENISA EUVD: EUVD-2024-38202
CWE: CWE-434 (Unrestricted Upload of File with Dangerous Type)
Status: published

Products (5):
versa-networks/versa_director 21.2.2
versa-networks/versa_director 21.2.3
versa-networks/versa_director 22.1.1
versa-networks/versa_director 22.1.2
versa-networks/versa_director 22.1.3

Published: Aug 22, 2024
KEV Added: Aug 23, 2024
Tracked Since: Feb 18, 2026