
URL: https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-...
Submission: On August 27 via api from TR — Scanned from CA


VERSA SECURITY BULLETIN: UPDATE ON CVE-2024-39717 – VERSA DIRECTOR DANGEROUS
FILE TYPE UPLOAD VULNERABILITY

BY VERSA SECURITY RESEARCH TEAM


AUGUST 26, 2024

Affected Platforms: Versa Director 

Impacted Users: Targeted at managed service providers 

Impact: Privilege Escalation  

Severity Level: High 

Overview 

 * Versa Networks has established and published Firewall Requirements since 2015
   and System Hardening requirements since 2017 

 * A vulnerability was recently discovered in Versa Director (CVE-2024-39717).
   This vulnerability allowed potentially malicious files to be uploaded by
   users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin
   privileges.  

 * Impacted customers failed to implement system hardening and firewall
   guidelines mentioned above, leaving a management port exposed on the internet
   that provided the threat actors with initial access. 

 * Versa has released a patch for the vulnerability, and we are actively working
   with all customers to ensure the patch and system hardening guidelines are
   applied. 

Exploitation Status 

 * This vulnerability has been exploited in at least one known instance by an
   Advanced Persistent Threat actor.  

 * Although the vulnerability is difficult to exploit, it is rated “High” and
   affects all Versa SD-WAN customers using Versa Director that have not
   implemented the system hardening and firewall guidelines.

 * CISA has added this vulnerability to its “Known Exploited Vulnerabilities”
   list (CVE-2024-39717). 

Affected Systems and Versions 

Versa Director:   

 * 21.2.3 
 * 22.1.2 
 * 22.1.3 

What should Versa customers do? 

 * Apply hardening best practices – Customers should ensure that they have
   followed recommended best practices for security hardening of Versa Director.
   Customers can access detailed system hardening and firewall rules guidelines
   here:

   * Firewall Guidelines: Firewall Requirements (since 2015): This document
     details the necessary ports and protocols that need to be opened on the
     appropriate interfaces.

   * System Hardening (since 2017): This document provides comprehensive steps
     for implementing the hardening process for all components of the Versa
     solution.

 * Upgrade Director to one of the remediated versions – Versa recommends that
   the Director software be upgraded as soon as possible to one of the
   remediated software versions (see Resources below).    

 * Check to see if the vulnerability has already been exploited – to identify if
   the vulnerability has already been exploited, customers can inspect the
   /var/versa/vnms/web/custom_logo/ folder for any suspicious uploaded files.
   Running the command: file -b --mime-type <.png file> should report the file
   type as “image/png”.
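
The check described above, applied to every .png file in a folder instead of one file at a time. This is an added example, not Versa's tooling: the function names, the PNG-signature fallback for hosts without file(1), and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag .png files in a folder whose content is not image/png.

# Report the MIME type with the bulletin's command; if file(1) is not
# installed, fall back to comparing the 8-byte PNG signature (an assumption
# of this example, and a weaker check than file's).
mime_of() {
    if command -v file >/dev/null 2>&1; then
        file -b --mime-type "$1"
    else
        sig=$(od -An -tx1 -N8 "$1" | tr -d ' \n')
        if [ "$sig" = "89504e470d0a1a0a" ]; then echo image/png; else echo unknown; fi
    fi
}

# Print "<type><TAB><path>" for every *.png under $1 that is not image/png.
# Returns 0 if all match, 1 if any file was flagged, 2 if $1 is not a directory.
check_logo_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    flagged=$(find "$dir" -type f -name '*.png' | while IFS= read -r f; do
        t=$(mime_of "$f")
        [ "$t" = "image/png" ] || printf '%s\t%s\n' "$t" "$f"
    done)
    if [ -z "$flagged" ]; then return 0; fi
    printf '%s\n' "$flagged"
    return 1
}

# Constructed sample input: one file with a real PNG header (signature plus
# IHDR chunk) and one plain-text file that only carries a .png name.
make_demo_dir() {
    d=$(mktemp -d)
    printf '\211PNG\015\012\032\012\000\000\000\015IHDR\000\000\000\001\000\000\000\001\010\006\000\000\000\037\025\304\211' > "$d/logo.png"
    printf 'constructed sample: plain text, not an image\n' > "$d/renamed.png"
    echo "$d"
}

# On a Director host: check_logo_dir /var/versa/vnms/web/custom_logo
# Here the function runs against the constructed samples so it works anywhere.
demo=$(make_demo_dir)
check_logo_dir "$demo" || echo "review the files listed above"
rm -rf "$demo"
```

A clean result only means every .png in the folder has PNG content; files with other names in the same folder still need the manual inspection the bulletin asks for.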

If you are a Versa customer who needs assistance with patching, system
hardening, or remediation, please contact Versa Technical Support.  

Resources 

Customers can access one of the patched/remediated versions of Versa Director
from the following software download links:  

 * 21.2.3:
   https://support.versa-networks.com/support/solutions/articles/23000024323-release-21-2-3  

 * 22.1.2:
   https://support.versa-networks.com/support/solutions/articles/23000025680-release-22-1-2  

 * 22.1.3:
   https://support.versa-networks.com/support/solutions/articles/23000026033-release-22-1-3  

 * 22.1.4: Not affected. 

For additional information, please refer to the following resources: 

 * Security Bulletin Advising Hardening – Versa sent a security bulletin titled
   Security Bulletin: Advising The Review of Firewall Requirements for Versa
   Components to customers and partners on Friday, July 26, 2024. (Versa
   customer access only)

 * Security Bulletin Advising Vulnerability – Versa has notified customers and
   partners about the vulnerability in Security Bulletin: Advising Zero-Day
   Vulnerability In Versa Director that was sent out on Friday, August 9, 2024.
   (Versa customer access only)

 * CISA Known Exploited Vulnerability Catalog –  This CVE information is
   publicly available from CISA (Cybersecurity and Infrastructure Security
   Agency – part of the U.S. Department of Homeland Security), which curates a
   list of CVEs called the Known Exploited Vulnerabilities (KEV) catalog at
   CVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability.  

 * Versa Security Portal – Versa has updated the PSIRT section of the Versa
   Security Portal with CVE-2024-39717 to ensure that customers have one place
   to go for our most current information and remediation guidance. (Versa
   customer access only)

 * Versa System Hardening Guidelines – (available since 2017): This document
   provides comprehensive steps for implementing the hardening process for all
   components of the Versa solution. 

 * Versa Firewall Requirements – Firewall Requirements (available since 2015):
   This document details the necessary ports and protocols that need to be
   opened on the appropriate interfaces. 

The bottom line: Versa is actively reaching out and working with our customers
and partners to ensure their safety by applying patches and hardening their
attack surfaces per guidelines. 
