CVE-2024-39717

The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin. (Tenant level users do not have this privilege). The “Change Favicon” (Favorite Icon) option can be mis-used to upload a malicious file ending with .png extension to masquerade as image file. This is possible only after a user with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin has successfully authenticated and logged in.

Published: Aug 22, 2024
Updated: Nov 4, 2025
CVE: CVE-2024-39717
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.2
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWEs:

CWE-434

Affected Software
References

Software	From	Fixed in
versa-networks / versa_director	21.2.3	21.2.3.x
versa-networks / versa_director	22.1.1	22.1.1.x
versa-networks / versa_director	22.1.2	22.1.2.x
versa-networks / versa_director	22.1.3	22.1.3.x
versa-networks / versa_director	21.2.2	21.2.2.x

Vulnerability Database

309,237

CVE-2024-39717

Deep Security Visibility Without the Complexity