A zero-day vulnerability in Versa Director servers, which are used by managed service providers and internet service providers, has been exploited by hackers. The vulnerability, tracked as CVE-2024-39717, was added to CISA’s “Known Exploited Vulnerabilities Catalog” on August 23 after Lumen Technologies discovered that it was being actively exploited.
CVE-2024-39717 was exploited by a Chinese state-sponsored hacking group known as Volt Typhoon. The group used a custom-tailored web shell called “VersaMem” to intercept credentials, which the attackers could then use to gain access to other user networks. According to Black Lotus Labs, the exploitation of CVE-2024-39717 has been linked to Volt Typhoon with “moderate confidence.”
To protect against this vulnerability, Versa Networks recommends the following:
It’s essential to protect your organization from this zero-day vulnerability by taking the recommended steps above. Keep your software up to date, follow the latest cybersecurity news and advisories, and stay vigilant: a hardened IT security posture is what prevents attacks like this one from succeeding.
A recent discovery has left the cybersecurity world reeling as a zero-day vulnerability in Versa Director servers has been exploited by the Chinese state-sponsored hacking group, Volt Typhoon. This vulnerability, identified as CVE-2024-39717, has been added to CISA’s “Known Exploited Vulnerabilities Catalog” and has been given a high-severity rating by Versa Networks.
The vulnerability allows an authenticated user with high-level privileges to upload a malicious file, which the server can then execute as harmful code. This can lead to unauthorized access and privilege escalation. The Volt Typhoon threat actors have been using a custom web shell, known as “VersaMem,” to intercept credentials and gain access to other user networks.
Users of Versa Director servers are advised to patch their systems immediately, apply hardening best practices, and check whether the vulnerability has already been exploited. Additionally, users should block external access to ports 4566 and 4570 and review existing accounts, logs, and credentials for any signs of compromise.
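One way to act on the port recommendation above, as an added example that is not Versa's guidance or code from the article: a POSIX shell snippet that generates iptables rules restricting ports 4566 and 4570 to an assumed management network (MGMT_CIDR is a placeholder) and a check, run over `ss -ltn` output, that flags either port when it is bound on all interfaces.

```shell
#!/bin/sh
# Added example, not code from Versa Networks or the article.
# Assumptions: Linux host with iptables; MGMT_CIDR is a placeholder for
# your own management network.
MGMT_CIDR="${MGMT_CIDR:-10.0.0.0/8}"
VERSA_PORTS="4566 4570"   # ports the advisory says to shield from external access

# Emit one iptables rule per line that allows the Versa ports only from $1
# and drops every other source. Rules are printed, not applied, so they can
# be reviewed first (e.g. versa_port_rules "$MGMT_CIDR" | sh).
versa_port_rules() {
    cidr="$1"
    for p in $VERSA_PORTS; do
        printf 'iptables -A INPUT -p tcp --dport %s -s %s -j ACCEPT\n' "$p" "$cidr"
        printf 'iptables -A INPUT -p tcp --dport %s -j DROP\n' "$p"
    done
}

# Read `ss -ltn` output on stdin and exit 0 when any Versa port is listening
# on a wildcard address (0.0.0.0, * or [::]), i.e. reachable from every
# interface. Usage: ss -ltn | versa_ports_exposed && echo "exposed"
versa_ports_exposed() {
    awk -v ports="$VERSA_PORTS" '
        BEGIN { n = split(ports, want, " ") }
        {
            for (i = 1; i <= n; i++)
                if ($4 ~ ("^(0\\.0\\.0\\.0|\\*|\\[::\\]):" want[i] "$")) found = 1
        }
        END { exit !found }'
}
```

Binding the services to a management interface or reverse proxy is the longer-term fix; the firewall rules only limit who can reach the ports.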
It is essential for users to take these recommendations seriously and take immediate action to protect their systems from this vulnerability. The potential for a large-scale attack is high, and users must be proactive in their defense