CISA Urges Federal Agencies to Patch Versa Director Vulnerability by September
Briefly

The vulnerability, tracked as CVE-2024-39717, allows a threat actor to exploit the 'Change Favicon' feature to upload a malicious file masquerading as a PNG image.
CISA noted that exploitation of this flaw occurs only after an attacker with proper admin privileges successfully logs in, which highlights the importance of securing these accounts.
A confirmed instance was reported where the user failed to implement critical firewall guidelines, enabling exploitation of the vulnerability without using the GUI.
Federal agencies must address the CVE-2024-39717 flaw by applying vendor fixes by September 13, 2024, a deadline that reflects the urgency of mitigating this security risk.
Read at The Hacker News