
The U.S. Federal Bureau of Investigation (FBI) has disclosed that an unidentified threat actor has been exploiting a previously unknown weakness in FatPipe MPVPN networking devices since at least May 2021 to obtain an initial foothold and maintain persistent access to vulnerable networks. The disclosure makes FatPipe the latest company to join the likes of Cisco, Fortinet, Citrix, and Pulse Secure, all of which have had their systems exploited in the wild.

“The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a web shell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity,” the agency said in an alert published this week. “Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.”

In other words, the zero-day vulnerability enables a remote attacker to upload a file to any location on the filesystem of an affected device. The security flaw impacts the web management interface of FatPipe WARP, MPVPN, and IPVPN router clustering and VPN load-balancing devices running software prior to the latest version releases 10.1.2r60p93 and 10.2.2r44p1.
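To check a device inventory against the two fixed releases named above, the following added example (not code from the FBI alert or from FatPipe) classifies software version strings. It assumes the version layout `<major>.<minor>.<maint>r<release>p<patch>` with numeric ordering of each field, which the article does not document; the hostnames and inventory are constructed.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {(10, 1, 2): (60, 93), (10, 2, 2): (44, 1)}

# Assumed layout (not documented on the page):
# <major>.<minor>.<maint>r<release>p<patch>
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)p(\d+)$")


def triage(version):
    """Classify one FatPipe software version string."""
    m = VERSION_RE.match(version.strip())
    if not m:
        return "unparsed"  # never guess: send to manual review
    nums = tuple(int(g) for g in m.groups())
    branch, build = nums[:3], nums[3:]
    if branch in FIXED:
        # Same branch as a fixed release: compare (release, patch).
        return "patched" if build >= FIXED[branch] else "vulnerable"
    if branch < min(FIXED):
        return "vulnerable"  # older than every branch that has a fix
    return "review"  # branch the article does not mention


def triage_inventory(inventory):
    """Map each hostname to its triage result."""
    return {host: triage(ver) for host, ver in inventory}


# Constructed inventory for illustration only.
SAMPLE_INVENTORY = [
    ("vpn-edge-01", "10.1.2r60p92"),
    ("vpn-edge-02", "10.1.2r60p93"),
    ("vpn-dc-01", "10.2.2r44p1"),
    ("vpn-branch-07", "9.1.2r161p26"),
    ("vpn-lab-01", "version unknown"),
]

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:15} {status}")
```

Devices reported as `unparsed` or `review` need a manual check against the vendor's advisory rather than being treated as safe.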
