A vulnerability was recently discovered in Versa Director (CVE-2024-39717). This vulnerability allowed potentially malicious files to be uploaded by users with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges.
Impacted customers had not implemented system hardening and firewall guidelines mentioned above, leaving a management port exposed on the internet that provided the threat actors with initial access.
Versa has released a patch for the vulnerability, and we are actively working with all customers to ensure the patch and system hardening guidelines are applied.
Exploitation Status
This vulnerability has been exploited in at least one known instance by an Advanced Persistent Threat actor.
Although the vulnerability is difficult to exploit, it is rated “High” and affects all Versa SD-WAN customers using Versa Director who have not implemented the system hardening and firewall guidelines.
CISA has added this vulnerability to its “Known Exploited Vulnerabilities” list (CVE-2024-39717).
Affected Systems and Versions
Versa Director:
| Versions | Affected | Unaffected |
|---|---|---|
| 22.1.4 | None | All |
| 22.1.3 | 22.1.3 images released before June 21, 2024 hot fix. | 22.1.3 June 21, 2024 Hot Fix and later. |
| 22.1.2 | 22.1.2 image released before June 21, 2024 hot fix. | 22.1.2 June 21, 2024 Hot Fix and later. |
| 22.1.1 | All | None. Please upgrade to 22.1.3 latest version. |
| 21.2.3 | 21.2.3 images released before June 21, 2024 hot fix. | 21.2.3 June 21, 2024 and later. |
| 21.2.2 | All | None. Please upgrade to 21.2.3 latest version. |
What should Versa customers do?
Apply hardening best practices – Customers should ensure that they have followed recommended best practices for security hardening of Versa Director. Customers can access detailed system hardening and firewall rules guidelines here:
Firewall Guidelines: Firewall Requirements (since 2015): This document details the necessary ports and protocols that need to be opened on the appropriate interfaces.
System Hardening (since 2017): This document provides comprehensive steps for implementing the hardening process for all components of the Versa solution.
Upgrade Director to one of the remediated versions – Versa recommends that the Director software be upgraded as soon as possible to one of the remediated software versions (see Resources below).
Check to see if the vulnerability has already been exploited – To identify whether the vulnerability has already been exploited, customers can inspect the /var/versa/vnms/web/custom_logo/ folder for any suspicious files that have been uploaded. Running the command: file -b --mime-type <.png file> should report the file type as “image/png”.
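The file-type check above, run over every file in the folder rather than one file at a time. This is an added example, not Versa's tooling; the function name scan_logo_dir and the REVIEW category for files not named .png are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Versa tooling): apply the advisory's
# "file -b --mime-type" check to a whole logo folder.
#
# scan_logo_dir DIR
#   Prints one tab-separated line per finding: REASON <TAB> MIME <TAB> PATH
#     MISMATCH  named *.png, but content is not detected as image/png
#     REVIEW    not named *.png (assumption: worth a manual look)
#   Returns 0 = nothing to report, 1 = findings printed, 2 = scan not possible.
scan_logo_dir() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    command -v file >/dev/null 2>&1 ||
        { echo "file(1) is not installed" >&2; return 2; }

    # find -exec passes names straight to the inner shell, so spaces and
    # quotes in file names survive intact.
    findings=$(find "$dir" -type f -exec sh -c '
        for f do
            mime=$(file -b --mime-type "$f")
            case $f in
                *.[Pp][Nn][Gg])
                    [ "$mime" = "image/png" ] ||
                        printf "MISMATCH\t%s\t%s\n" "$mime" "$f" ;;
                *)
                    printf "REVIEW\t%s\t%s\n" "$mime" "$f" ;;
            esac
        done' sh {} +)

    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Scan only when a directory is named on the command line, e.g.
#   sh scan_logo.sh /var/versa/vnms/web/custom_logo
if [ $# -gt 0 ]; then
    scan_logo_dir "$1"
fi
```

A non-zero exit status makes the script usable from a scheduled job: status 1 means at least one file needs a closer look, status 2 means the folder could not be scanned.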
If you are a Versa customer who needs assistance with patching, system hardening, or remediation, please contact Versa Technical Support.
Resources
Customers can access one of the patched/remediated versions of Versa Director from the following software download links:
CISA Known Exploited Vulnerability Catalog – This CVE information is publicly available from CISA (Cybersecurity and Infrastructure Security Agency – part of the U.S. Department of Homeland Security), which curates a list of CVEs called the Known Exploited Vulnerabilities (KEV) catalog at CVE-2024-39717 – Versa Director Dangerous File Type Upload Vulnerability.
Versa Security Portal – Versa has updated the PSIRT section of the Versa Security Portal with CVE-2024-39717 to ensure that customers have one place to go for our most current information and remediation guidance. (Versa customer access only)
Versa System Hardening Guidelines – (available since 2017): This document provides comprehensive steps for implementing the hardening process for all components of the Versa solution.
Versa Firewall Requirements – Firewall Requirements (available since 2015): This document details the necessary ports and protocols that need to be opened on the appropriate interfaces.
The bottom line: Versa is actively reaching out and working with our customers and partners to ensure their safety by applying patches and hardening their attack surfaces per guidelines.