CISA Adds One Known Exploited Vulnerability to Catalog for Versa Networks Director

CISA has added CVE-2024-39717 to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. This vulnerability allows malicious actors to upload dangerous file types to Versa Director, posing a significant risk to federal enterprises. BOD 22-01 requires FCEB agencies to remediate vulnerabilities in the Catalog by specific due dates. Although BOD 22-01 applies only to FCEB agencies, CISA recommends that all organizations prioritize patching Catalog vulnerabilities. CISA will continue to update the Catalog with vulnerabilities meeting specific criteria. This addition to the Catalog emphasizes the importance of timely vulnerability remediation in reducing cyberattack risk.