
Zero-Day Vulnerability in Versa Director Servers Exposed by Hackers

A zero-day vulnerability in Versa Director servers, used by managed service providers and internet service providers, has been exposed by hackers. The vulnerability, known as CVE-2024-39717, was added to CISA’s “Known Exploited Vulnerabilities Catalog” on August 23 after Lumen Technologies discovered its active exploitation.

The Exploitation of CVE-2024-39717

CVE-2024-39717 was exploited by a Chinese state-sponsored hacking group known as Volt Typhoon. The group used a custom-tailored web shell called “VersaMem” to intercept credentials that attackers could use to gain authorized access to other user networks. According to Black Lotus Labs, the exploitation of CVE-2024-39717 has been linked to Volt Typhoon with “moderate confidence.”

Versa Networks Recommendations

To protect against this vulnerability, Versa Networks recommends the following:

  • Patch immediately: Patches for versions 21.2.3, 22.1.2, and 22.1.3 are available.
  • Apply hardening best practices: Versa Networks recommends following its Firewall and System Hardening requirements.
  • Check to see if the vulnerability has already been exploited: Inspect for suspicious files, search for interactions with port 4566, check for newly created user accounts, and review existing accounts, logs, and credentials.
  • Block external access to ports 4566 and 4570: Ensure the ports are only open between the active and standby Versa Director nodes for HA-pairing traffic.
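
One way to run the port check from the recommendations above, as an added example that is not Versa's or Lumen's tooling: it parses `ss -tn` output and flags any session on ports 4566 or 4570 whose peer is not the HA partner. The sample output, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import ipaddress

HA_PORTS = {4566, 4570}  # the two ports named in the recommendations above

# Constructed sample in `ss -tn` format; every address is a documentation range.
SAMPLE_SS_OUTPUT = """\
State    Recv-Q Send-Q Local Address:Port        Peer Address:Port
ESTAB    0      0      192.0.2.10:4566           192.0.2.11:51820
ESTAB    0      0      192.0.2.10:4566           203.0.113.77:40112
ESTAB    0      0      192.0.2.10:443            198.51.100.5:55012
ESTAB    0      0      [::ffff:192.0.2.10]:4570  [::ffff:192.0.2.11]:38214
SYN-RECV 0      0      192.0.2.10:4570           198.51.100.23:60100
"""


def split_endpoint(endpoint):
    """Split 'addr:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    ip = ipaddress.ip_address(host.strip("[]").split("%")[0])
    # Dual-stack sockets report IPv4 peers as ::ffff:a.b.c.d; normalise them
    # so they compare equal to the plain IPv4 form in the allow-list.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped if mapped is not None else ip), int(port)


def unexpected_ha_peers(ss_output, allowed_peers):
    """Return (state, peer_ip, local_port) for HA-port sessions from non-peers."""
    allowed = {ipaddress.ip_address(p) for p in allowed_peers}
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or short line
        try:
            _, local_port = split_endpoint(fields[3])
            peer_ip, _ = split_endpoint(fields[4])
        except ValueError:
            continue  # wildcard or unparsable endpoint such as '*:*'
        if local_port in HA_PORTS and peer_ip not in allowed:
            findings.append((fields[0], str(peer_ip), local_port))
    return findings


if __name__ == "__main__":
    # 192.0.2.11 stands in for the standby Director node (assumed value).
    for state, peer, port in unexpected_ha_peers(SAMPLE_SS_OUTPUT, ["192.0.2.11"]):
        print(f"unexpected peer {peer} on port {port} ({state})")
```

A live snapshot only shows current sessions, so the same allow-list comparison should also be applied to historical firewall or flow logs when checking for past exploitation.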

Protect Your Organization

It’s essential to protect your organization from this zero-day vulnerability by taking the recommended steps above. Keep your software up-to-date, and be aware of the latest cybersecurity news and solutions. Stay vigilant and strengthen your IT security defenses to prevent attacks.

My Thoughts

A recent discovery has left the cybersecurity world reeling as a zero-day vulnerability in Versa Director servers has been exploited by the Chinese state-sponsored hacking group, Volt Typhoon. This vulnerability, identified as CVE-2024-39717, has been added to CISA’s “Known Exploited Vulnerabilities Catalog” and has been given a high-severity rating by Versa Networks.

The Vulnerability and Its Impact

The vulnerability allows authenticated users with high-level privileges to upload malicious files, which can then execute harmful code. This can lead to unauthorized access and privilege escalation. The Volt Typhoon threat actors have been using a custom web shell, known as “VersaMem,” to intercept credentials and gain access to other user networks.

Recommendations for Users

Users of Versa Director servers are advised to patch their systems immediately, apply hardening best practices, and check to see if the vulnerability has already been exploited. Additionally, users should block external access to ports 4566 and 4570 and review existing accounts, logs, and credentials for any signs of compromise.

It is essential for users to take these recommendations seriously and take immediate action to protect their systems from this vulnerability. The potential for a large-scale attack is high, and users must be proactive in their defense
