{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/antikor-ngfw-2.0.1301/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["Antikor NGFW 2.0.1301"],"_cs_severities":["high"],"_cs_tags":["authentication bypass","webapps"],"_cs_type":"advisory","_cs_vendors":["ePati"],"content_html":"\u003cp\u003eA public webapps exploit has been published on Exploit-DB for ePati Antikor NGFW 2.0.1301, demonstrating an authentication bypass vulnerability (EDB-52562). The availability of a working exploit significantly elevates the risk for unpatched systems, as attackers can potentially gain unauthorized access to the NGFW\u0026rsquo;s administrative interface and sensitive data. This exploit allows attackers to bypass authentication mechanisms, potentially leading to complete compromise of the affected system. Defenders need to prioritize patching or implementing mitigations to prevent potential exploitation.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker identifies a vulnerable ePati Antikor NGFW 2.0.1301 instance exposed to the network.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious HTTP request leveraging the authentication bypass vulnerability.\u003c/li\u003e\n\u003cli\u003eThe crafted request is sent to the target NGFW instance.\u003c/li\u003e\n\u003cli\u003eThe NGFW fails to properly validate the attacker\u0026rsquo;s identity due to the authentication bypass.\u003c/li\u003e\n\u003cli\u003eThe attacker gains unauthorized access to the administrative interface.\u003c/li\u003e\n\u003cli\u003eThe attacker modifies firewall rules to allow malicious traffic.\u003c/li\u003e\n\u003cli\u003eThe attacker gains access to sensitive network data and configurations.\u003c/li\u003e\n\u003cli\u003eThe attacker may install backdoors or further compromise internal systems.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability allows attackers to bypass authentication and gain unauthorized access to the ePati Antikor NGFW 2.0.1301. This can lead to complete compromise of the firewall, allowing attackers to modify firewall rules, gain access to sensitive network data, and potentially pivot to internal systems. The impact includes data breaches, network disruptions, and further compromise of the internal network.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule provided in this brief to your SIEM to detect exploitation attempts against ePati Antikor NGFW (rule: \u0026ldquo;Detect ePati Antikor NGFW Authentication Bypass Attempt\u0026rdquo;).\u003c/li\u003e\n\u003cli\u003eAnalyze web server logs for suspicious requests targeting the ePati Antikor NGFW administrative interface to identify potential exploitation attempts.\u003c/li\u003e\n\u003cli\u003eUpgrade ePati Antikor NGFW to a patched version that addresses the authentication bypass vulnerability.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-05-14T13:03:18Z","date_published":"2026-05-14T13:03:18Z","id":"https://feed.craftedsignal.io/briefs/2026-05-epati-antikor-auth-bypass/","summary":"A public exploit has been published for ePati Antikor NGFW 2.0.1301, exploiting an authentication bypass vulnerability, increasing the risk to unpatched systems.","title":"ePati Antikor NGFW 2.0.1301 Authentication Bypass Vulnerability","url":"https://feed.craftedsignal.io/briefs/2026-05-epati-antikor-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Antikor NGFW 2.0.1301","version":"https://jsonfeed.org/version/1.1"}