A zero-day VPN software flaw exploited by a group of APTs

The FBI has warned that a group of high-level attackers, APT says, has been exploiting a zero-day flaw in FatPipe-branded VPN products since May 2021.

The FBI said its forensic analysis showed that exploitation of the “zero-day” flaw in FatPipe WARP, MPVPN and IPVPN software by a group of Advanced Persistent Threats (APTs) dates back to at least May 2021. He did not provide any additional information on the identity of the group. The vulnerability allowed attackers to access an unrestricted file upload feature to drop a webshell for exploit activity with root access, leading to elevation of privilege and possible spying activity. The FBI notes: “Exploitation of this vulnerability served as a stepping stone to another infrastructure for hackers.”

The FBI has said that the vulnerability affects all FatPipe WARP, MPVPN, and IPVPN software prior to the latest versions, 10.1.2r60p93 and 10.2.2r44p1.

Sensitive operational activity detection

He cautioned that detecting exploit activity could be difficult, as cleanup scripts designed to remove traces of attackers’ activity have been discovered in most cases. “Organizations that identify any activity related to these indicators of compromise within their networks should take immediate action,” the FBI said in an alert.

“The FBI urges system administrators to immediately update their devices and follow other FatPipe security recommendations, such as disabling the user interface and SSH access from the WAN interface (facing outward) when not in use.”

FatPipe has its own advisory FPSA006, which states: “A vulnerability in the web management interface of the FatPipe software could allow a remote attacker to download a file to any location in the file system on an affected device.” The vulnerability is due to the lack of input verification and validation mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. ”

Source: “.com”

Woodmart Theme Nulled, WP Reset Pro, Newspaper 11.2, Newspaper – News & WooCommerce WordPress Theme, Premium Addons for Elementor, Rank Math Seo Pro Weadown, WeaPlay, WordPress Theme, Plugins, PHP Script, Jannah Nulled, Elementor Pro Weadown, Woocommerce Custom Product Ad, Business Consulting Nulled, Jnews 8.1.0 Nulled, Avada 7.4 Nulled, Nulledfire, Dokan Pro Nulled, Yoast Nulled, Flatsome Nulled, PW WooCommerce Gift Cards Pro Nulled, Astra Pro Nulled, Woodmart Theme Nulled, Slider Revolution Nulled, Wordfence Premium Nulled, Elementor Pro Weadown, Wpml Nulled, Consulting 6.1.4 Nulled, Fs Poster Plugin Nulled

Back to top button