Lucene search
HistoryDec 15, 2021 - 8:15 p.m.
CVE-2021-27856
cve-2021-27856
fatpipe
warp
ipvpn
mpvpn
cmuser
administrative privileges
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.4%
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named “cmuser” that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
Affected configurations
Node
fatpipeincipvpn_firmwareMatch5.2.0r34
ORfatpipeincipvpn_firmwareMatch6.1.2r70p26
ORfatpipeincipvpn_firmwareMatch6.1.2r70p45-m
ORfatpipeincipvpn_firmwareMatch6.1.2r70p75-m
ORfatpipeincipvpn_firmwareMatch7.1.2r39
ORfatpipeincipvpn_firmwareMatch9.1.2r129
ORfatpipeincipvpn_firmwareMatch9.1.2r144
ORfatpipeincipvpn_firmwareMatch9.1.2r150
ORfatpipeincipvpn_firmwareMatch9.1.2r156
ORfatpipeincipvpn_firmwareMatch9.1.2r161p12
ORfatpipeincipvpn_firmwareMatch9.1.2r161p16
ORfatpipeincipvpn_firmwareMatch9.1.2r161p17
ORfatpipeincipvpn_firmwareMatch9.1.2r161p2
ORfatpipeincipvpn_firmwareMatch9.1.2r161p20
ORfatpipeincipvpn_firmwareMatch9.1.2r161p26
ORfatpipeincipvpn_firmwareMatch9.1.2r161p3
ORfatpipeincipvpn_firmwareMatch9.1.2r164
ORfatpipeincipvpn_firmwareMatch9.1.2r164p4
ORfatpipeincipvpn_firmwareMatch9.1.2r164p5
ORfatpipeincipvpn_firmwareMatch9.1.2r165
ORfatpipeincipvpn_firmwareMatch9.1.2r180p2
ORfatpipeincipvpn_firmwareMatch9.1.2r185
ORfatpipeincipvpn_firmwareMatch10.1.2r60p10
ORfatpipeincipvpn_firmwareMatch10.1.2r60p13
ORfatpipeincipvpn_firmwareMatch10.1.2r60p32
ORfatpipeincipvpn_firmwareMatch10.1.2r60p35
ORfatpipeincipvpn_firmwareMatch10.1.2r60p45
ORfatpipeincipvpn_firmwareMatch10.1.2r60p55
ORfatpipeincipvpn_firmwareMatch10.1.2r60p58
ORfatpipeincipvpn_firmwareMatch10.1.2r60p58s1
ORfatpipeincipvpn_firmwareMatch10.1.2r60p65
ORfatpipeincipvpn_firmwareMatch10.1.2r60p71
ORfatpipeincipvpn_firmwareMatch10.1.2r60p82
ORfatpipeincipvpn_firmwareMatch10.2.2r10
ORfatpipeincipvpn_firmwareMatch10.2.2r25
ORfatpipeincipvpn_firmwareMatch10.2.2r38
fatpipeincipvpnMatch-
Node
fatpipeincmpvpn_firmwareMatch5.2.0r34
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p26
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p45-m
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p75-m
ORfatpipeincmpvpn_firmwareMatch7.1.2r39
ORfatpipeincmpvpn_firmwareMatch9.1.2r129
ORfatpipeincmpvpn_firmwareMatch9.1.2r144
ORfatpipeincmpvpn_firmwareMatch9.1.2r150
ORfatpipeincmpvpn_firmwareMatch9.1.2r156
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p12
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p16
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p17
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p2
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p20
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p26
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p3
ORfatpipeincmpvpn_firmwareMatch9.1.2r164
ORfatpipeincmpvpn_firmwareMatch9.1.2r164p4
ORfatpipeincmpvpn_firmwareMatch9.1.2r164p5
ORfatpipeincmpvpn_firmwareMatch9.1.2r165
ORfatpipeincmpvpn_firmwareMatch9.1.2r180p2
ORfatpipeincmpvpn_firmwareMatch9.1.2r185
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p10
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p13
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p32
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p35
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p45
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p55
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p58
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p58s1
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p65
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p71
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p82
ORfatpipeincmpvpn_firmwareMatch10.2.2r10
ORfatpipeincmpvpn_firmwareMatch10.2.2r25
ORfatpipeincmpvpn_firmwareMatch10.2.2r38
fatpipeincmpvpnMatch-
Node
fatpipeincwarp_firmwareMatch5.2.0r34
ORfatpipeincwarp_firmwareMatch6.1.2r70p26
ORfatpipeincwarp_firmwareMatch6.1.2r70p45-m
ORfatpipeincwarp_firmwareMatch6.1.2r70p75-m
ORfatpipeincwarp_firmwareMatch7.1.2r39
ORfatpipeincwarp_firmwareMatch9.1.2r129
ORfatpipeincwarp_firmwareMatch9.1.2r144
ORfatpipeincwarp_firmwareMatch9.1.2r150
ORfatpipeincwarp_firmwareMatch9.1.2r156
ORfatpipeincwarp_firmwareMatch9.1.2r161p12
ORfatpipeincwarp_firmwareMatch9.1.2r161p16
ORfatpipeincwarp_firmwareMatch9.1.2r161p17
ORfatpipeincwarp_firmwareMatch9.1.2r161p2
ORfatpipeincwarp_firmwareMatch9.1.2r161p20
ORfatpipeincwarp_firmwareMatch9.1.2r161p26
ORfatpipeincwarp_firmwareMatch9.1.2r161p3
ORfatpipeincwarp_firmwareMatch9.1.2r164
ORfatpipeincwarp_firmwareMatch9.1.2r164p4
ORfatpipeincwarp_firmwareMatch9.1.2r164p5
ORfatpipeincwarp_firmwareMatch9.1.2r165
ORfatpipeincwarp_firmwareMatch9.1.2r180p2
ORfatpipeincwarp_firmwareMatch9.1.2r185
ORfatpipeincwarp_firmwareMatch10.1.2r60p10
ORfatpipeincwarp_firmwareMatch10.1.2r60p13
ORfatpipeincwarp_firmwareMatch10.1.2r60p32
ORfatpipeincwarp_firmwareMatch10.1.2r60p35
ORfatpipeincwarp_firmwareMatch10.1.2r60p45
ORfatpipeincwarp_firmwareMatch10.1.2r60p55
ORfatpipeincwarp_firmwareMatch10.1.2r60p58
ORfatpipeincwarp_firmwareMatch10.1.2r60p58s1
ORfatpipeincwarp_firmwareMatch10.1.2r60p65
ORfatpipeincwarp_firmwareMatch10.1.2r60p71
ORfatpipeincwarp_firmwareMatch10.1.2r60p82
ORfatpipeincwarp_firmwareMatch10.2.2r10
ORfatpipeincwarp_firmwareMatch10.2.2r25
ORfatpipeincwarp_firmwareMatch10.2.2r38
fatpipeincwarpMatch-
CNA Affected
[
{
"product": "WARP ",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
]Related
prion
prion
Design/Logic Flaw
2021-12-15 20:15:00
nvd
nvd
CVE-2021-27856
2021-12-15 20:15:08
cnvd
cnvd
FatPipe WARP, IPVPN and MPVPN have unspecified vulnerabilities
2021-12-17 00:00:00
cvelist
cvelist
CVE-2021-27856 FatPipe software administrative account with no password
2021-09-27 00:00:00
nessus
nessus
FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities
2023-05-25 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.4%
Related for CVE-2021-27856