Versa Product Security Update Advisory (CVE-2024-39717)
Overview
An update has been released to address vulnerabilities in Versa products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-39717
- Versa Director version: 21.2.3
- Versa Director version: 22.1.2
- Versa Director version: 22.1.3
Resolved Vulnerabilities
Vulnerability that allows users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to upload potentially malicious files (CVE-2024-39717)
Vulnerability Patches
The following product-specific Vulnerability Patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest Vulnerability Patches version.
CVE-2024-39717
- Versa Director versions: See References[2] for updates
- Versa Director versions: See References[3] for updates
- Versa Director versions: See References[4] for updates
References
[1] CVE-2024-39717 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-39717
[2] 21.2.3 patch
https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3
[3] 22.1.2 patch
Https:// support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2
[4] 22.1.3 patch
https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3
[5] Versa Security Bulletin: Update on CVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability