
Zero-Day Exploitation in FatPipe VPN by Cybercriminals


Last Updated on 22/11/2021 by TheDigitalHacker

The FBI has issued a flash alert about an APT group exploiting a zero-day vulnerability in FatPipe devices and software. FatPipe is a networking hardware company whose customers include Fortune 1000 organisations.

According to FBI forensic research, cybercriminals are exploiting a zero-day issue in FatPipe’s MPVPN (router clustering device), WARP (WAN redundancy product), and IPVPN (load-balancing and reliability device for VPNs).

The weakness was discovered in May and was used to break into target networks. The zero-day bug used in these attacks affects all FatPipe MPVPN, IPVPN, and WARP device software versions released before the newest ones, 10.2.2r44p1 and 10.1.2r60p93. The bug gave the APT group full access to a file upload feature, allowing them to drop a webshell with root access for exploitation. This resulted in privilege escalation and further activity. After compromising exposed FatPipe devices, the attackers used them for lateral movement inside networks.

The issue is in the web management interface of the FatPipe software. It stems from a lack of input and validation checks for certain HTTP requests on a susceptible device. It can be exploited by sending a crafted HTTP request to the device. Successful exploitation might allow a remote attacker to upload a file to any location on a susceptible device’s file system. The bug does not yet have a CVE ID; however, it has been patched and is tracked under the security advisory FPSA006.

According to FatPipe’s recommendations, clients should disable UI access on all WAN interfaces. They should also configure Access Lists on the interface page so that only trusted sources are allowed. The FBI’s advisory also includes a list of indicators of compromise and YARA malware signatures. It also encourages businesses to respond quickly when they see suspicious network activity.
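To triage a device inventory against the fixed releases named above, here is an added example (not code from FatPipe or the FBI advisory). It assumes version strings follow the layout `<branch>r<release>p<patch>` and that builds within a branch order numerically by release and then patch number; the hostnames and inventory are constructed.

```python
import re

# Fixed releases named in the article, keyed by release branch.
FIXED = {"10.2.2": (44, 1), "10.1.2": (60, 93)}

# Assumed layout: <major>.<minor>.<patch>r<release>[p<patch level>]
_VERSION = re.compile(r"^(\d+\.\d+\.\d+)r(\d+)(?:p(\d+))?$")


def parse(version):
    """Split a version string into (branch, (release, patch_level))."""
    m = _VERSION.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return m.group(1), (int(m.group(2)), int(m.group(3) or 0))


def _branch_key(branch):
    return tuple(int(part) for part in branch.split("."))


def status(version):
    """Return 'fixed', 'affected' or 'unknown' for a reported version."""
    try:
        branch, build = parse(version)
    except ValueError:
        return "unknown"  # unparseable: needs manual review
    if branch in FIXED:
        return "fixed" if build >= FIXED[branch] else "affected"
    # Branches older than every fixed branch predate the fix.
    if _branch_key(branch) < min(_branch_key(b) for b in FIXED):
        return "affected"
    return "unknown"  # unlisted branch: check the vendor advisory


def triage(inventory):
    """Map each host in {host: version} to its status."""
    return {host: status(version) for host, version in inventory.items()}


# Constructed inventory for illustration only.
INVENTORY = {
    "wan-edge-01.example.internal": "10.2.2r44p1",
    "wan-edge-02.example.internal": "10.2.2r42",
    "branch-vpn-01.example.internal": "10.1.2r60p91",
    "lab-warp-01.example.internal": "not reported",
}

if __name__ == "__main__":
    for host, state in triage(INVENTORY).items():
        print(f"{host:35} {INVENTORY[host]:15} {state}")
```

Hosts reported as `unknown` need a manual check against the vendor advisory rather than being treated as safe.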

Sunaina