Patch now! Network software Versa Director attacked
Attackers are currently exploiting a vulnerability in the Versa Director virtualization and service creation platform.
(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)
Network admins should update Versa Director quickly due to ongoing attacks. The developers have closed a security gap in the latest version.
Among other things, Versa Director provides Secure Access Service Edge (SASE) services in networks. If the conditions are right, attackers can attack networks. According to a warning from software manufacturer Versa Networks, this has already happened in at least one case. In the meantime, the US Cybersecurity & Infrastructure Security Agency (CISA) has included the gap in its catalog of currently exploited vulnerabilities.
Prerequisites for attacks
The vulnerability (CVE-2024-39717) is classified as a"high" threat level. However, attacks are not possible, without further ado and should only affect users who have not protected their systems in accordance with Versa Networks' firewall and system hardening requirements. In addition, an attacker must be in a position with rights as a Provider Data Center Admin or Provider Data Center System Admin.
If this is the case, an attacker can access the Versa Director GUI and change the favicon due to the vulnerability. In the course of this, they can upload a PNG image prepared with malicious code and thus compromise systems.
According to the developers, Versa Director versions 21.2.3, 22.1.2 and 22.1.3 are affected. In the warning message, they do not mention the specific version numbers of the patched versions. Only registered customers can view the links to these versions.
Admins can look for suspicious files under /var/versa/vnms/web/custom_logo/ to identify systems that have already been attacked.
(des)
