Chinese state-sponsored hackers exploited a zero-day vulnerability in Versa Director, an SD-WAN infrastructure management software platform used by Internet service providers (ISPs) and managed service providers (MSPs). The group, known in the security industry as Volt Typhoon, has targeted key US infrastructure organizations in the past.
“Black Lotus Labs has identified a zero-day exploit for Versa Director servers, now assigned CVE-2024-39717, since at least June 12, 2024,” researchers from Lumen Technologies’ Black Lotus Labs team wrote in a report. “This exploit campaign remains highly concentrated, affecting only a few US victims in the ISP, MSP and IT sectors.”
Versa Networks, developer of Versa Director and other SD-WAN and SASE products, patched the CVE-2024-39717 vulnerability this week, but warned customers to update their firewall requirements on July 26 and informed them about the bug that was exploited on August 9. .
Source link