Latest vulnerability: CVE-2024-39717 #
On August 26, 2024, Versa Networks disclosed a vulnerability affecting the Versa Director platform. Versa Director is used to manage and deploy applications across the Versa VOS platform. This vulnerability allows privilege escalation for users that are able to upload files to the Director system. There is evidence that this vulnerability is being actively exploited in the wild, targeting managed service providers (MSPs) and internet service providers (ISPs).
This vulnerability has been designated CVE-2024-39717.
There is evidence that advanced persistent threat (APT) actors associated with nation states are exploiting this vulnerability, particularly the "Volt Typhoon" espionage group associated with the Chinese government.
What is the impact? #
An attacker that is able to upload files to the Versa Director application can upload a malicious file. Uploading such a file can result in privilege escalation and allow code execution with administrator level privileges. There is evidence that this vulnerability is being actively exploited in the wild.
Are updates or workarounds available? #
Versa Networks has released updates that address this issue and users are encouraged to update as quickly as possible. Additionally, users are advised to avoid exposing the Versa Director administration interface to the public internet.
Users can check for indicators of compromise (IOCs) by examining files in the "/var/versa/vnms/web/custom_logo/" directory. Non-image files in this directory should be investigated.
How to find potentially vulnerable systems with runZero #
From the Service Inventory you can use the following query to locate Versa Director installations:
html.title:"Versa Director" OR http.head.server:"Versa Director"
