FBI Issued Flash Alert For FatPipe Zero-Day Bug Under Attack

FBI has recently warned users of an actively exploited zero-day vulnerability in FatPipe SD-WAN products. The officials found this bug under attack since May this year, users are advised to patch their devices.

FBI Warns Of FatPipe Zero-Day

In a recently issued flash alert, the FBI Cyber Division has highlighted a recently-patched zero-day vulnerability in FatPipe software. Exploiting this vulnerability allows an attacker to upload malicious files on the target system.

The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity. Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.

Although, FatPipe has addressed this vulnerability recently. Describing this bug in their advisory (FPSA006), the vendors explained that the bug resided in the web management interface of FatPipe software (WARP, MPVPN, IPVPN). Regarding the root cause, the advisory reads,

The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device.

FatPipe has patched the bug with the latest versions, 10.1.2r60p93 or later and 10.2.2r44p1 or later.

Nonetheless, users should ensure updating their systems at the earliest given how the attackers are actively exploiting this flaw. Moreover, FatPipe has confirmed no workaround for this vulnerability, emphasizing the importance of this fix.

FBI also urges the users for the same.

FBI strongly urges system administrators to upgrade their devices immediately and to follow other FatPipe security recommendations such as disabling UI and SSH access from the WAN interface (externally facing) when not actively using it.

In addition, the security officials also recommend the organizations report to the FBI if they detect such exploitation.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients