Yesterday, cybersecurity firm Censys shared live search queries showing hundreds of potentially exposed Versa Director servers (CVE-2024-39717) presenting an open attack surface for threat actors. On Tuesday, WaterISAC shared how state-sponsored threat actor Volt Typhoon has been observed exploiting the Versa Director vulnerability in ISP and MSP servers, potentially leaving water and wastewater organizations of various sizes open to attack.    

Versa Director servers are utilized to oversee network configurations for clients operating SD-WAN software, and they are frequently employed by ISPs and MSPs. This makes them an appealing target for threat actors aiming to expand their influence within enterprise network management. Given that these servers are widely used by ISPs and MSPs, the extent of the exposure is considered enormous.

Versa Networks has released patches (available only on password-protected support portal) for versions 21.2.3, 22.1.2, and 22.1.3.

For more information, visit SecurityWeek. For details of the observed Versa Director intrusions and IOCs, visit Black Lotus Labs.