
An APT Group Exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software


TLP:WHITE

SUMMARY

As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN® device software [1] going back to at least May 2021. The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity. Exploitation of this vulnerability then served as a jumping-off point into other infrastructure for the APT actors. This vulnerability is not yet identified with a CVE number but can be located with the FatPipe Security Advisory number FPSA006. The vulnerability affects all FatPipe WARP®, MPVPN, and IPVPN® device software prior to the latest version releases 10.1.2r60p93 and 10.2.2r44p1.

The compromise of affected systems running FatPipe MPVPN software involves exploiting a servlet at the URL path /fpui/uploadConfigServlet and dropping a webshell /fpui/img/1.jsp with root privileges.
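
The two paths above can be hunted for in web access logs. The following is an added example, not part of the FBI advisory or of FatPipe's software: it assumes the logs are in Common Log Format (the device's real format may differ), runs on constructed sample lines, and goes slightly beyond the advisory by also flagging any .jsp file requested under /fpui/img/, a directory that should serve only images.

```python
import posixpath
import re
from urllib.parse import unquote

# Paths named in the advisory.
UPLOAD_SERVLET = "/fpui/uploadConfigServlet"
WEBSHELL = "/fpui/img/1.jsp"
IMG_DIR = "/fpui/img/"

# Assumption: Common Log Format; adapt the regex to the device's real log format.
LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

def normalize(target):
    """Drop query string and path parameters, decode %xx, collapse // and /./."""
    path = target.split("?", 1)[0].split(";", 1)[0]
    return posixpath.normpath(unquote(path))

def classify(method, path):
    if path == WEBSHELL:
        return "webshell-path-request"   # the file named in the advisory
    if path.startswith(IMG_DIR) and path.lower().endswith(".jsp"):
        return "jsp-in-image-dir"        # added generalization, see lead-in
    if path == UPLOAD_SERVLET and method == "POST":
        return "upload-servlet-post"     # review lead, not proof of compromise
    return None

def scan(lines):
    hits = []  # (line_no, source, timestamp, rule, http_status)
    for no, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            continue
        rule = classify(m["method"], normalize(m["target"]))
        if rule:
            hits.append((no, m["src"], m["ts"], rule, int(m["status"])))
    return hits

# Constructed sample lines (documentation IP ranges), not from a real device.
SAMPLE = [
    '192.0.2.10 - - [12/May/2021:03:14:07 +0000] "GET /fpui/img/logo.png HTTP/1.1" 200 5120',
    '203.0.113.7 - - [12/May/2021:03:15:22 +0000] "POST /fpui/uploadConfigServlet HTTP/1.1" 200 87',
    '203.0.113.7 - - [12/May/2021:03:15:40 +0000] "GET /fpui/img/1.jsp?a=b HTTP/1.1" 200 312',
    '198.51.100.4 - - [13/May/2021:11:02:09 +0000] "GET /fpui//img/2.JSP HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A POST to the upload servlet can also be legitimate administration, so correlate that rule with the other two and with the HTTP status before drawing a conclusion.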



[1] A patented router clustering device.

