The U.S. Federal Bureau of Investigation (FBI) has announced that an unknown threat actor has been exploiting a previously unknown vulnerability in FatPipe MPVPN network devices since at least May 2021 to gain a foothold and maintain permanent access to vulnerable networks, according to the latest company , which joins Cisco, Fortinet, Citrix and Pulse Secure, whose systems have been exploited in the wild.

“The vulnerability allowed APT actors to gain access to an unrestricted file upload facility in order to delete a web shell for exploitation activities with root access, resulting in increased privileges and possible follow-up activities,” the agency said called in a warning posted this week. “The exploitation of this weak point then served the APT actors as a stepping stone into a different infrastructure.”

Automatic GitHub backups

In other words, the zero-day vulnerability allows a remote attacker to upload a file to any location in the file system on an affected device. The vulnerability affects …

.



Source link

Leave a Reply