Chinese hackers are exploiting a dangerous vulnerability in Versa Director servers

28 August 2024

The Black Lotus Labs team has discovered active exploitation of a zero-day vulnerability in Versa Director servers used by many ISPs and network management companies. The vulnerability allows attackers to intercept credentials and execute malicious code that compromises the security of networks.

The vulnerability, CVE-2024-39717, was found in Versa Director software and publicly disclosed on August 22, 2024. It affects all versions of Versa Director prior to 22.1.4 and allows attackers to intercept user credentials and run additional malicious code directly in memory, which makes it particularly dangerous. The main attack tool was a specially crafted web shell, VersaMem, that integrates with Versa Director servers and uses them to control the network infrastructure.

Versa Director is software that provides network configuration management for customers, primarily ISPs and managed service providers. This makes these servers an attractive target for hacking groups looking to gain control of large-scale networks or infiltrate additional networks.

Due to the severity of the vulnerability and its active exploitation, Black Lotus Labs recommends that you immediately update the Versa Director software to version 22.1.4 or later and take additional security measures to protect your networks from potential attacks.
