A Chinese cyber-espionage group, known as Volt Typhoon, has been exploiting a newly discovered security flaw in Versa Networks’ SD-WAN Director servers. This zero-day vulnerability, identified as CVE-2024-39717, has already been used to infiltrate several organizations. Given the seriousness of this issue, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has listed it among known exploited vulnerabilities, urging immediate corrective actions.
The CVE-2024-39717 vulnerability impacts all versions of Versa Director released before version 22.1.4. The issue originates from a feature in the system’s graphical user interface (GUI) that allows for customisation. Versa Director is a crucial part of Versa Networks’ software-defined wide area networking (SD-WAN) solutions, which are used by ISPs, MSPs, and large corporations to manage network devices, route traffic, and enforce security policies. Unfortunately, this vulnerability enables attackers to steal user credentials, potentially leading to further attacks.
Dan Maier, Versa’s Chief Marketing Officer, noted that this flaw could allow attackers to escalate privileges without authorization. Attackers can initially access Versa Director through high-availability management ports 4566 and 4570, particularly if these ports are left open to the internet. Once inside, they can gain administrator-level credentials, giving them complete control over the system. Maier emphasised that Versa has long advised customers to limit access to these critical ports to prevent such security breaches.
The vulnerability was fi
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.