Security Flaw in Versa Director: Your PNGs Might Just Be Trojan Horses
CISA has flagged CVE-2024-39717 in Versa Director’s “Change Favicon” feature as a Known Exploited Vulnerability. This bug allows threat actors to upload malicious files disguised as .PNG images, but only after admin-level authentication. Agencies must apply fixes by September 13, 2024.

Hot Take:
Just when you thought it was safe to change your favicon, think again! Versa Director’s “Change Favicon” feature has gone rogue, proving that even the tiniest icons can pack a punch. Time to reconsider that fancy image of your cat as a security risk!
Key Points:
- CISA adds Versa Director flaw (CVE-2024-39717) to its KEV catalog due to active exploitation evidence.
- The medium-severity vulnerability (CVSS score: 6.6) allows malicious file uploads via the “Change Favicon” feature.
- Successful exploitation requires authentication by a user with high privileges.
- Federal agencies must apply fixes by September 13, 2024.
- CISA also recently added four other vulnerabilities from 2021 and 2022 to the KEV catalog.