CVE-2021-27857

🗓️ 15 Dec 2021 16:14:48Reported by certccType

cve🔗 web.nvd.nist.gov👁 33 Views🌐 WEB

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN softwar

Reporter	Title	Published	Views	Family All 9
CNNVD	FatPipe 安全漏洞	15 Dec 202100:00	–	cnnvd
CNVD	FatPipe WARP, IPVPN, and MPVPN Authorization Vulnerability (CNVD-2021-101933)	17 Dec 202100:00	–	cnvd
Cvelist	CVE-2021-27857 FatPipe software allows unauthenticated configuration download	15 Dec 202116:14	–	cvelist
EUVD	EUVD-2021-14595	7 Oct 202500:30	–	euvd
Tenable Nessus	FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities	25 May 202300:00	–	nessus
NVD	CVE-2021-27857	15 Dec 202120:15	–	nvd
OSV	CVE-2021-27857	15 Dec 202120:15	–	osv
Prion	Authorization	15 Dec 202120:15	–	prion
Zero Science Lab	FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 Unauthenticated Config Download	27 Sep 202100:00	–	zeroscience

NVD

Node

fatpipeinc ipvpn_firmwareMatch5.2.0r34

fatpipeinc ipvpn_firmwareMatch6.1.2r70p26

fatpipeinc ipvpn_firmwareMatch6.1.2r70p45-m

fatpipeinc ipvpn_firmwareMatch6.1.2r70p75-m

fatpipeinc ipvpn_firmwareMatch7.1.2r39

fatpipeinc ipvpn_firmwareMatch9.1.2r129

fatpipeinc ipvpn_firmwareMatch9.1.2r144

fatpipeinc ipvpn_firmwareMatch9.1.2r150

fatpipeinc ipvpn_firmwareMatch9.1.2r156

fatpipeinc ipvpn_firmwareMatch9.1.2r161p12

fatpipeinc ipvpn_firmwareMatch9.1.2r161p16

fatpipeinc ipvpn_firmwareMatch9.1.2r161p17

fatpipeinc ipvpn_firmwareMatch9.1.2r161p2

fatpipeinc ipvpn_firmwareMatch9.1.2r161p20

fatpipeinc ipvpn_firmwareMatch9.1.2r161p26

fatpipeinc ipvpn_firmwareMatch9.1.2r161p3

fatpipeinc ipvpn_firmwareMatch9.1.2r164

fatpipeinc ipvpn_firmwareMatch9.1.2r164p4

fatpipeinc ipvpn_firmwareMatch9.1.2r164p5

fatpipeinc ipvpn_firmwareMatch9.1.2r165

fatpipeinc ipvpn_firmwareMatch9.1.2r180p2

fatpipeinc ipvpn_firmwareMatch9.1.2r185

fatpipeinc ipvpn_firmwareMatch10.1.2r60p10

fatpipeinc ipvpn_firmwareMatch10.1.2r60p13

fatpipeinc ipvpn_firmwareMatch10.1.2r60p32

fatpipeinc ipvpn_firmwareMatch10.1.2r60p35

fatpipeinc ipvpn_firmwareMatch10.1.2r60p45

fatpipeinc ipvpn_firmwareMatch10.1.2r60p55

fatpipeinc ipvpn_firmwareMatch10.1.2r60p58

fatpipeinc ipvpn_firmwareMatch10.1.2r60p58s1

fatpipeinc ipvpn_firmwareMatch10.1.2r60p65

fatpipeinc ipvpn_firmwareMatch10.1.2r60p71

fatpipeinc ipvpn_firmwareMatch10.1.2r60p82

fatpipeinc ipvpn_firmwareMatch10.2.2r10

fatpipeinc ipvpn_firmwareMatch10.2.2r25

fatpipeinc ipvpn_firmwareMatch10.2.2r38

AND

fatpipeinc ipvpnMatch-

Node

fatpipeinc mpvpn_firmwareMatch5.2.0r34

fatpipeinc mpvpn_firmwareMatch6.1.2r70p26

fatpipeinc mpvpn_firmwareMatch6.1.2r70p45-m

fatpipeinc mpvpn_firmwareMatch6.1.2r70p75-m

fatpipeinc mpvpn_firmwareMatch7.1.2r39

fatpipeinc mpvpn_firmwareMatch9.1.2r129

fatpipeinc mpvpn_firmwareMatch9.1.2r144

fatpipeinc mpvpn_firmwareMatch9.1.2r150

fatpipeinc mpvpn_firmwareMatch9.1.2r156

fatpipeinc mpvpn_firmwareMatch9.1.2r161p12

fatpipeinc mpvpn_firmwareMatch9.1.2r161p16

fatpipeinc mpvpn_firmwareMatch9.1.2r161p17

fatpipeinc mpvpn_firmwareMatch9.1.2r161p2

fatpipeinc mpvpn_firmwareMatch9.1.2r161p20

fatpipeinc mpvpn_firmwareMatch9.1.2r161p26

fatpipeinc mpvpn_firmwareMatch9.1.2r161p3

fatpipeinc mpvpn_firmwareMatch9.1.2r164

fatpipeinc mpvpn_firmwareMatch9.1.2r164p4

fatpipeinc mpvpn_firmwareMatch9.1.2r164p5

fatpipeinc mpvpn_firmwareMatch9.1.2r165

fatpipeinc mpvpn_firmwareMatch9.1.2r180p2

fatpipeinc mpvpn_firmwareMatch9.1.2r185

fatpipeinc mpvpn_firmwareMatch10.1.2r60p10

fatpipeinc mpvpn_firmwareMatch10.1.2r60p13

fatpipeinc mpvpn_firmwareMatch10.1.2r60p32

fatpipeinc mpvpn_firmwareMatch10.1.2r60p35

fatpipeinc mpvpn_firmwareMatch10.1.2r60p45

fatpipeinc mpvpn_firmwareMatch10.1.2r60p55

fatpipeinc mpvpn_firmwareMatch10.1.2r60p58

fatpipeinc mpvpn_firmwareMatch10.1.2r60p58s1

fatpipeinc mpvpn_firmwareMatch10.1.2r60p65

fatpipeinc mpvpn_firmwareMatch10.1.2r60p71

fatpipeinc mpvpn_firmwareMatch10.1.2r60p82

fatpipeinc mpvpn_firmwareMatch10.2.2r10

fatpipeinc mpvpn_firmwareMatch10.2.2r25

fatpipeinc mpvpn_firmwareMatch10.2.2r38

AND

fatpipeinc mpvpnMatch-

Node

fatpipeinc warp_firmwareMatch5.2.0r34

fatpipeinc warp_firmwareMatch6.1.2r70p26

fatpipeinc warp_firmwareMatch6.1.2r70p45-m

fatpipeinc warp_firmwareMatch6.1.2r70p75-m

fatpipeinc warp_firmwareMatch7.1.2r39

fatpipeinc warp_firmwareMatch9.1.2r129

fatpipeinc warp_firmwareMatch9.1.2r144

fatpipeinc warp_firmwareMatch9.1.2r150

fatpipeinc warp_firmwareMatch9.1.2r156

fatpipeinc warp_firmwareMatch9.1.2r161p12

fatpipeinc warp_firmwareMatch9.1.2r161p16

fatpipeinc warp_firmwareMatch9.1.2r161p17

fatpipeinc warp_firmwareMatch9.1.2r161p2

fatpipeinc warp_firmwareMatch9.1.2r161p20

fatpipeinc warp_firmwareMatch9.1.2r161p26

fatpipeinc warp_firmwareMatch9.1.2r161p3

fatpipeinc warp_firmwareMatch9.1.2r164

fatpipeinc warp_firmwareMatch9.1.2r164p4

fatpipeinc warp_firmwareMatch9.1.2r164p5

fatpipeinc warp_firmwareMatch9.1.2r165

fatpipeinc warp_firmwareMatch9.1.2r180p2

fatpipeinc warp_firmwareMatch9.1.2r185

fatpipeinc warp_firmwareMatch10.1.2r60p10

fatpipeinc warp_firmwareMatch10.1.2r60p13

fatpipeinc warp_firmwareMatch10.1.2r60p32

fatpipeinc warp_firmwareMatch10.1.2r60p35

fatpipeinc warp_firmwareMatch10.1.2r60p45

fatpipeinc warp_firmwareMatch10.1.2r60p55

fatpipeinc warp_firmwareMatch10.1.2r60p58

fatpipeinc warp_firmwareMatch10.1.2r60p58s1

fatpipeinc warp_firmwareMatch10.1.2r60p65

fatpipeinc warp_firmwareMatch10.1.2r60p71

fatpipeinc warp_firmwareMatch10.1.2r60p82

fatpipeinc warp_firmwareMatch10.2.2r10

fatpipeinc warp_firmwareMatch10.2.2r25

fatpipeinc warp_firmwareMatch10.2.2r38

AND

fatpipeinc warpMatch-

[
  {
    "product": "WARP",
    "vendor": "FatPipe",
    "versions": [
      {
        "lessThan": "10.1.2r60p91",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "lessThan": "10.2.2r42",
        "status": "affected",
        "version": "10.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "IPVPN",
    "vendor": "FatPipe",
    "versions": [
      {
        "lessThan": "10.1.2r60p91",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "lessThan": "10.2.2r42",
        "status": "affected",
        "version": "10.2",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "MPVPN",
    "vendor": "FatPipe",
    "versions": [
      {
        "lessThan": "10.1.2r60p91",
        "status": "affected",
        "version": "10.1",
        "versionType": "custom"
      },
      {
        "lessThan": "10.2.2r42",
        "status": "affected",
        "version": "10.2",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
zeroscience	www.zeroscience.mk/codes/fatpipe_configdl.txt
fatpipeinc	www.fatpipeinc.com/support/cve-list.php
zeroscience	www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php

Parameter	Position	Path	Description	CWE
HostName	path	fpui/ZSLAB-config-WARP-9.1.2r161p19-mcore.tar.gz	Unauthenticated disclosure of configuration archive via HTTP GET by referencing backup archive file name containing the hostname.	CWE-862
Product	path	fpui/ZSLAB-config-WARP-9.1.2r161p19-mcore.tar.gz	Unauthenticated disclosure of configuration archive via HTTP GET by referencing backup archive file name containing the hostname.	CWE-862
Version	path	fpui/ZSLAB-config-WARP-9.1.2r161p19-mcore.tar.gz	Unauthenticated disclosure of configuration archive via HTTP GET by referencing backup archive file name containing the hostname.	CWE-862
mcore.tar.gz	path	fpui/ZSLAB-config-WARP-9.1.2r161p19-mcore.tar.gz	Unauthenticated disclosure of configuration archive via HTTP GET by referencing backup archive file name containing the hostname.	CWE-862

21 Nov 2024 05:58Current

7.5High risk

Vulners AI Score7.5

CVSS 24.3

CVSS 3.17.5

EPSS0.00503

CWE-862