SecurityWeek reports that more than 160 Versa Director servers continue to be online amid attacks by the Chinese advanced persistent threat operation Volt Typhoon, which is exploiting a high-severity zero-day tracked as CVE-2024-39717. The flaw has already been included in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog.
Internet-exposed Versa Director instances were located in the U.S., the Philippines, India, and Shanghai, according to data from Censys, which emphasized the significant attack surface despite uncertainties regarding the total number of servers unpatched against the zero-day. The flaw could be exploited in Versa SD-WAN implementations that use Versa Director and lack proper firewall and system hardening measures, according to researchers from Lumen Technologies' Black Lotus Labs, which discovered and reported the issue and also provided indicators of compromise and YARA rules for threat hunting. The development comes after the U.S. reported that Volt Typhoon had been readying for attacks against the country's critical infrastructure.