The Federal Bureau of Investigation (FBI) warned of an advanced persistent threat (APT) compromising FatPipe router clustering and load balancer products to breach targets’ networks.
FatPipe is a computer networking hardware firm headquartered in Salt Lake City, specializing in WAN optimization solutions, with many Fortune 1000 companies on its customer list.
Organizations from all major industry sectors use FatPipe products, including government and military entities, municipalities, utilities, educational facilities, and financial and medical institutions.
“As of November 2021, FBI forensic analysis indicated exploitation of a 0-day vulnerability in the FatPipe MPVPN device software going back to at least May 2021,” the FBI said in a flash alert issued this week.
“The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity.”