Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-27860: Technical Support - FatPipe Networks

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

CVE
#csrf#vulnerability#web

CVE List

FPSA001: Remote Privilege Escalation

Summary

A vulnerability in the web management interface of FatPipe software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device.

Affected Products

WARP, MPVPN, IPVPN

10.1.2 and 10.2.2 versions prior to releases with the fix (see Fixed Software).

Details

A vulnerability in the web management interface of FatPipe software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device.

The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a read-only user to execute functions as if they were an administrative user.

FatPipe has released software updates that address this vulnerability.

Workarounds

There are no workarounds that address this vulnerability. To mitigate the vulnerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources.

Fixed Software

10.1.2r60p91 or later
10.2.2r42 or later

Source

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php

FPSA002: Hidden Backdoor Account (Write Access)

Summary

For centralized management, FatPipe uses a user account that allows the current logged in user to access multiple devices from the web management interface of FatPipe software. This was not intended to be used to directly log into the web management interface. Someone can use it to log into the web interface.

Affected Products

WARP, MPVPN, IPVPN

10.1.2 and 10.2.2 versions prior to releases with the fix (see Fixed Software).

Details

For centralized management, FatPipe uses a user account that allows the current logged in user to access multiple appliances from the web management interface of FatPipe software. This was not intended to be used to directly log into the web management interface. Someone can use it to log into the web management interface.

While this user account is not displayed in the Users list, the customer has control over the password for this user account. On the Users page, you can set the password in for this user.

FatPipe has released software updates that address this vulnerability. Newer versions of our software do not allow a user to login directly using this user account (see Fixed Software).

Workarounds

Disable "Central Manager Login".

Fixed Software

10.1.2r60p91 or later
10.2.2r42 or later

Source

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php

FPSA003: Unauthenticated Config Download

Summary

A user is able to create and download a backup file containing the FatPipe device’s configuration using the web management interface of FatPipe software. A vulnerability exists where an unauthenticated user can access the backup file on the system.

Affected Products

WARP, MPVPN, IPVPN

10.1.2 and 10.2.2 versions prior to releases with the fix (see Fixed Software).

Details

A user is able to create and download a backup file containing the FatPipe device’s configuration using the web management interface of FatPipe software. A vulnerability exists where an unauthenticated user can access the backup file on the system.

FatPipe has released software updates that address this vulnerability.

Workarounds

There are no workarounds that address this vulnerability. To mitigate the vulnerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources.

Fixed Software

10.1.2r60p91 or later
10.2.2r42 or later

Source

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php

FPSA004: Authorization Bypass

Summary

Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

Affected Products

WARP

10.1.2 and 10.2.2 versions prior to releases with the fix (see Fixed Software).

Details

Improper access control occurs when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages.

Workarounds

There are no workarounds that address this vulnerability. To mitigate the vulnerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources.

Fixed Software

10.1.2r60p91 or later
10.2.2r42 or later

Source

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php

FPSA005: CSRF Add Admin Exploit

Summary

A vulnerability in the web management interface of FatPipe software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device by adding a user with Administrator privileges.

Affected Products

WARP, MPVPN, IPVPN

10.1.2 and 10.2.2 versions prior to releases with the fix (see Fixed Software).

Details

A vulnerability in the web management interface of FatPipe software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device by adding a user with Administrator privileges.

The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. An exploit could allow the attacker as a read-only user to execute functions as if they were an administrative user.

FatPipe has released software updates that address this vulnerability.

Workarounds

There are no workarounds that address this vulnerability. To mitigate the vulnerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources.

Fixed Software

10.1.2r60p91 or later
10.2.2r42 or later

Source

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php

FPSA006: Config Upload Exploit

Summary

A vulnerability in the web management interface of FatPipe software could allow a remote attacker to upload a file to any location on the filesystem on an affected device.

Affected Products

WARP, MPVPN, IPVPN

All versions prior to the fixed releases (see Fixed Software).

Details

A vulnerability in the web management interface of FatPipe software could allow a remote attacker to upload a file to any location on the filesystem on an affected device.

The vulnerability is due to a lack of input and validation checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device.

FatPipe has released software updates that address this vulnerability.

Workarounds

There are no workarounds that address this vulnerability. To mitigate the vlunerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources…

Fixed Software

10.1.2r60p92 or later
10.2.2r44p1 or later

Source

Found by code review after being made aware of active exploit activity.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907