| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit | primary_impact | T1505.003 | Web Shell |
Comments
CVE-2021-27860 is a vulnerability in the web management interface in FatPipe software. The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity. Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.
References
|
| CVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit | exploitation_technique | T1190 | Exploit Public-Facing Application |
Comments
CVE-2021-27860 is a vulnerability in the web management interface in FatPipe software. The vulnerability allowed APT actors to gain access to an unrestricted file upload function to drop a webshell for exploitation activity with root access, leading to elevated privileges and potential follow-on activity. Exploitation of this vulnerability then served as a jumping off point into other infrastructure for the APT actors.
References
|