Threat Intelligence Alert: APT Groups exploiting a 0-day in FatPipe WARP, MPVPN, and IPVPN Software
Key Details
CVE Not Yet Assigned
Disclosure Date – 16th November 2021
CVSS Score – N/A
Affected Products – FatPipe MPVPN device software
Exploit Released – Yes
Patch Available – Yes
Summary
In November 2021, the FBI identified APT exploitation of a zero-day vulnerability in the FatPipe MPVPN device software, dating back to May. The vulnerability gives threat actors access to an unrestricted file upload function, which they can then use to deploy webshells for root access exploitation. This in turn allowed the threat actors to move laterally across the compromised network to other infrastructure. Although this vulnerability has not yet been assigned a CVE number, details on it can be found in the following advisory released by FatPipe: https://fatpipeinc.com/support/cve-list.php.
Mitigation
FatPipe have released a patch for this vulnerability as of the 16th of November, which can be found by following the above link. Further mitigation steps include disabling UI and SSH access from the WAN interface (externally facing) when not actively using it.
NCC Group Actions
The NCC Group Threat Intelligence team is actively monitoring for further reports relating to this vulnerability.