Exploits / Vulnerability Discovered : 2021-09-28 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Fatpipe networks warp/ipvpn/mpvpn 10.2.2 remote privilege escalation is for educational purposes only and if it is used you will do on your own risk!
#!/usr/bin/env python3
#
#
# FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Remote Privilege Escalation
#
#
# Vendor: FatPipe Networks Inc.
# Product web page: https://www.fatpipeinc.com
# Affected version: WARP / IPVPN / MPVPN
# 10.2.2r38
# 10.2.2r25
# 10.2.2r10
# 10.1.2r60p82
# 10.1.2r60p71
# 10.1.2r60p65
# 10.1.2r60p58s1
# 10.1.2r60p58
# 10.1.2r60p55
# 10.1.2r60p45
# 10.1.2r60p35
# 10.1.2r60p32
# 10.1.2r60p13
# 10.1.2r60p10
# 9.1.2r185
# 9.1.2r180p2
# 9.1.2r165
# 9.1.2r164p5
# 9.1.2r164p4
# 9.1.2r164
# 9.1.2r161p26
# 9.1.2r161p20
# 9.1.2r161p17
# 9.1.2r161p16
# 9.1.2r161p12
# 9.1.2r161p3
# 9.1.2r161p2
# 9.1.2r156
# 9.1.2r150
# 9.1.2r144
# 9.1.2r129
# 7.1.2r39
# 6.1.2r70p75-m
# 6.1.2r70p45-m
# 6.1.2r70p26
# 5.2.0r34
#
# Summary: FatPipe Networks invented the concept of router-clustering,
# which provides the highest level of reliability, redundancy, and speed
# of Internet traffic for Business Continuity and communications. FatPipe
# WARP achieves fault tolerance for companies by creating an easy method
# of combining two or more Internet connections of any kind over multiple
# ISPs. FatPipe utilizes all paths when the lines are up and running,
# dynamically balancing traffic over the multiple lines, and intelligently
# failing over inbound and outbound IP traffic when ISP services and/or
# components fail.
#
# FatPipe IPVPN balances load and provides reliability among multiple
# managed and CPE based VPNs as well as dedicated private networks. FatPipe
# IPVPN can also provide you an easy low-cost migration path from private
# line, Frame or Point-to-Point networks. You can aggregate multiple private,
# MPLS and public networks without additional equipment at the provider's
# site.
#
# FatPipe MPVPN, a patented router clustering device, is an essential part
# of Disaster Recovery and Business Continuity Planning for Virtual Private
# Network (VPN) connectivity. It makes any VPN up to 900% more secure and
# 300% times more reliable, redundant and faster. MPVPN can take WANs with
# an uptime of 99.5% or less and make them 99.999988% or higher, providing
# a virtually infallible WAN. MPVPN dynamically balances load over multiple
# lines and ISPs without the need for BGP programming. MPVPN aggregates up
# to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed
# you need to keep your VPN up and running despite failures of service, line,
# software, or hardware.
#
# Desc: The application suffers from a privilege escalation vulnerability.
# A normal user (group USER, 0) can elevate her privileges by sending a HTTP
# POST request and setting the JSON parameter 'privilege' to integer value
# '1' gaining administrative rights (group ADMINISTRATOR, 1).
#
# Tested on: Apache-Coyote/1.1
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# @zeroscience
#
#
# Advisory ID: ZSL-2021-5685
# Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php
#
#
# 30.05.2016
# 25.07.2021
#
#
if not 'true' in stanje.text:
print('\n[GRE] Something\'s fishy!')
sys.exit()
else:
print('\n[POR] You are now authorized not only to view settings, but to modify them as well. Yes indeed.')
sys.exit()