Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

Cybersecurity researchers from Lumen’s Black Lotus Labs attribute a recently detected exploit of a vulnerability (CVE-2024-39717) in Versa Director to Chinese threat actors Volt Typhoon and Bronze Silhouette. The attackers use a custom-built web shell, named VersaMem, to breach U.S. managed service providers and access client networks. The exploit was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities catalog in August 2024, and Versa Networks has since issued a patch.