Security News > 2024 > August > Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)
2024-08-27 15:47

Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream customers’ networks as an authenticated user. “Based on known and observed tactics and techniques, [Lumen’s] Black Lotus Labs attributes the zero-day exploitation of CVE-2024-39717 and operational use of the VersaMem web shell with moderate confidence … More → The post Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) appeared first on Help Net Security.


News URL

https://www.helpnetsecurity.com/2024/08/27/cve-2024-39717-exploited/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2024-08-22 CVE-2024-39717 Unrestricted Upload of File with Dangerous Type vulnerability in Versa-Networks Versa Director
The Versa Director GUI provides an option to customize the look and feel of the user interface.
network
low complexity
versa-networks CWE-434
7.2