FPSA005: CSRF Add Admin Exploit

Summary

A vulnerability in the web management interface of FatPipe software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device by adding a user with Administrator privileges.

Affected Products

WARP, MPVPN, IPVPN

10.1.2 and 10.2.2 versions prior to releases with the fix (see Fixed Software).

Details

A vulnerability in the web management interface of FatPipe software could allow an authenticated, remote attacker with read-only privileges to elevate privileges to the level of an Administrator user on an affected device by adding a user with Administrator privileges.

The vulnerability is due to a lack of input validation and request-checking mechanisms for certain HTTP requests on an affected device. An attacker could exploit this vulnerability by sending a modified HTTP request to the affected device. A successful exploit could allow an attacker with read-only privileges to execute functions as if they were an administrative user.

FatPipe has released software updates that address this vulnerability.

Workarounds

There are no workarounds that address this vulnerability. To mitigate the vulnerability, disable UI access on all the WAN interfaces or configure Access Lists on the interface page to allow access only from trusted sources.

Fixed Software

10.1.2r60p91 or later
10.2.2r42 or later

Source
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php