Lucene search
HistoryDec 15, 2021 - 8:15 p.m.
CVE-2021-27857
cve-2021-27857
authorization vulnerability
fatpipe warp
ipvpn
mpvpn
web management interface
remote attacker
unauthenticated
configuration archive
vulnerability
fpsa003
nvd
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.003 Low
EPSS
Percentile
68.3%
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
Affected configurations
Node
fatpipeincipvpn_firmwareMatch5.2.0r34
ORfatpipeincipvpn_firmwareMatch6.1.2r70p26
ORfatpipeincipvpn_firmwareMatch6.1.2r70p45-m
ORfatpipeincipvpn_firmwareMatch6.1.2r70p75-m
ORfatpipeincipvpn_firmwareMatch7.1.2r39
ORfatpipeincipvpn_firmwareMatch9.1.2r129
ORfatpipeincipvpn_firmwareMatch9.1.2r144
ORfatpipeincipvpn_firmwareMatch9.1.2r150
ORfatpipeincipvpn_firmwareMatch9.1.2r156
ORfatpipeincipvpn_firmwareMatch9.1.2r161p12
ORfatpipeincipvpn_firmwareMatch9.1.2r161p16
ORfatpipeincipvpn_firmwareMatch9.1.2r161p17
ORfatpipeincipvpn_firmwareMatch9.1.2r161p2
ORfatpipeincipvpn_firmwareMatch9.1.2r161p20
ORfatpipeincipvpn_firmwareMatch9.1.2r161p26
ORfatpipeincipvpn_firmwareMatch9.1.2r161p3
ORfatpipeincipvpn_firmwareMatch9.1.2r164
ORfatpipeincipvpn_firmwareMatch9.1.2r164p4
ORfatpipeincipvpn_firmwareMatch9.1.2r164p5
ORfatpipeincipvpn_firmwareMatch9.1.2r165
ORfatpipeincipvpn_firmwareMatch9.1.2r180p2
ORfatpipeincipvpn_firmwareMatch9.1.2r185
ORfatpipeincipvpn_firmwareMatch10.1.2r60p10
ORfatpipeincipvpn_firmwareMatch10.1.2r60p13
ORfatpipeincipvpn_firmwareMatch10.1.2r60p32
ORfatpipeincipvpn_firmwareMatch10.1.2r60p35
ORfatpipeincipvpn_firmwareMatch10.1.2r60p45
ORfatpipeincipvpn_firmwareMatch10.1.2r60p55
ORfatpipeincipvpn_firmwareMatch10.1.2r60p58
ORfatpipeincipvpn_firmwareMatch10.1.2r60p58s1
ORfatpipeincipvpn_firmwareMatch10.1.2r60p65
ORfatpipeincipvpn_firmwareMatch10.1.2r60p71
ORfatpipeincipvpn_firmwareMatch10.1.2r60p82
ORfatpipeincipvpn_firmwareMatch10.2.2r10
ORfatpipeincipvpn_firmwareMatch10.2.2r25
ORfatpipeincipvpn_firmwareMatch10.2.2r38
fatpipeincipvpnMatch-
Node
fatpipeincmpvpn_firmwareMatch5.2.0r34
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p26
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p45-m
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p75-m
ORfatpipeincmpvpn_firmwareMatch7.1.2r39
ORfatpipeincmpvpn_firmwareMatch9.1.2r129
ORfatpipeincmpvpn_firmwareMatch9.1.2r144
ORfatpipeincmpvpn_firmwareMatch9.1.2r150
ORfatpipeincmpvpn_firmwareMatch9.1.2r156
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p12
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p16
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p17
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p2
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p20
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p26
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p3
ORfatpipeincmpvpn_firmwareMatch9.1.2r164
ORfatpipeincmpvpn_firmwareMatch9.1.2r164p4
ORfatpipeincmpvpn_firmwareMatch9.1.2r164p5
ORfatpipeincmpvpn_firmwareMatch9.1.2r165
ORfatpipeincmpvpn_firmwareMatch9.1.2r180p2
ORfatpipeincmpvpn_firmwareMatch9.1.2r185
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p10
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p13
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p32
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p35
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p45
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p55
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p58
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p58s1
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p65
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p71
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p82
ORfatpipeincmpvpn_firmwareMatch10.2.2r10
ORfatpipeincmpvpn_firmwareMatch10.2.2r25
ORfatpipeincmpvpn_firmwareMatch10.2.2r38
fatpipeincmpvpnMatch-
Node
fatpipeincwarp_firmwareMatch5.2.0r34
ORfatpipeincwarp_firmwareMatch6.1.2r70p26
ORfatpipeincwarp_firmwareMatch6.1.2r70p45-m
ORfatpipeincwarp_firmwareMatch6.1.2r70p75-m
ORfatpipeincwarp_firmwareMatch7.1.2r39
ORfatpipeincwarp_firmwareMatch9.1.2r129
ORfatpipeincwarp_firmwareMatch9.1.2r144
ORfatpipeincwarp_firmwareMatch9.1.2r150
ORfatpipeincwarp_firmwareMatch9.1.2r156
ORfatpipeincwarp_firmwareMatch9.1.2r161p12
ORfatpipeincwarp_firmwareMatch9.1.2r161p16
ORfatpipeincwarp_firmwareMatch9.1.2r161p17
ORfatpipeincwarp_firmwareMatch9.1.2r161p2
ORfatpipeincwarp_firmwareMatch9.1.2r161p20
ORfatpipeincwarp_firmwareMatch9.1.2r161p26
ORfatpipeincwarp_firmwareMatch9.1.2r161p3
ORfatpipeincwarp_firmwareMatch9.1.2r164
ORfatpipeincwarp_firmwareMatch9.1.2r164p4
ORfatpipeincwarp_firmwareMatch9.1.2r164p5
ORfatpipeincwarp_firmwareMatch9.1.2r165
ORfatpipeincwarp_firmwareMatch9.1.2r180p2
ORfatpipeincwarp_firmwareMatch9.1.2r185
ORfatpipeincwarp_firmwareMatch10.1.2r60p10
ORfatpipeincwarp_firmwareMatch10.1.2r60p13
ORfatpipeincwarp_firmwareMatch10.1.2r60p32
ORfatpipeincwarp_firmwareMatch10.1.2r60p35
ORfatpipeincwarp_firmwareMatch10.1.2r60p45
ORfatpipeincwarp_firmwareMatch10.1.2r60p55
ORfatpipeincwarp_firmwareMatch10.1.2r60p58
ORfatpipeincwarp_firmwareMatch10.1.2r60p58s1
ORfatpipeincwarp_firmwareMatch10.1.2r60p65
ORfatpipeincwarp_firmwareMatch10.1.2r60p71
ORfatpipeincwarp_firmwareMatch10.1.2r60p82
ORfatpipeincwarp_firmwareMatch10.2.2r10
ORfatpipeincwarp_firmwareMatch10.2.2r25
ORfatpipeincwarp_firmwareMatch10.2.2r38
fatpipeincwarpMatch-
CNA Affected
[
{
"product": "WARP ",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
]Related
prion
prion
Authorization
2021-12-15 20:15:00
cvelist
cvelist
cnvd
cnvd
nvd
nvd
CVE-2021-27857
2021-12-15 20:15:08
nessus
nessus
FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities
2023-05-25 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
0.003 Low
EPSS
Percentile
68.3%
Related for CVE-2021-27857