Lucene search
HistoryDec 15, 2021 - 8:15 p.m.
CVE-2021-27859
cve-2021-27859
missing authorization
web management interface
fatpipe
warp
ipvpn
mpvpn
software security
vulnerability
csrf
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.5%
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
Affected configurations
Node
fatpipeincipvpn_firmwareMatch5.2.0r34
ORfatpipeincipvpn_firmwareMatch6.1.2r70p26
ORfatpipeincipvpn_firmwareMatch6.1.2r70p45-m
ORfatpipeincipvpn_firmwareMatch6.1.2r70p75-m
ORfatpipeincipvpn_firmwareMatch7.1.2r39
ORfatpipeincipvpn_firmwareMatch9.1.2r129
ORfatpipeincipvpn_firmwareMatch9.1.2r144
ORfatpipeincipvpn_firmwareMatch9.1.2r150
ORfatpipeincipvpn_firmwareMatch9.1.2r156
ORfatpipeincipvpn_firmwareMatch9.1.2r161p12
ORfatpipeincipvpn_firmwareMatch9.1.2r161p16
ORfatpipeincipvpn_firmwareMatch9.1.2r161p17
ORfatpipeincipvpn_firmwareMatch9.1.2r161p2
ORfatpipeincipvpn_firmwareMatch9.1.2r161p20
ORfatpipeincipvpn_firmwareMatch9.1.2r161p26
ORfatpipeincipvpn_firmwareMatch9.1.2r161p3
ORfatpipeincipvpn_firmwareMatch9.1.2r164
ORfatpipeincipvpn_firmwareMatch9.1.2r164p4
ORfatpipeincipvpn_firmwareMatch9.1.2r164p5
ORfatpipeincipvpn_firmwareMatch9.1.2r165
ORfatpipeincipvpn_firmwareMatch9.1.2r180p2
ORfatpipeincipvpn_firmwareMatch9.1.2r185
ORfatpipeincipvpn_firmwareMatch10.1.2r60p10
ORfatpipeincipvpn_firmwareMatch10.1.2r60p13
ORfatpipeincipvpn_firmwareMatch10.1.2r60p32
ORfatpipeincipvpn_firmwareMatch10.1.2r60p35
ORfatpipeincipvpn_firmwareMatch10.1.2r60p45
ORfatpipeincipvpn_firmwareMatch10.1.2r60p55
ORfatpipeincipvpn_firmwareMatch10.1.2r60p58
ORfatpipeincipvpn_firmwareMatch10.1.2r60p58s1
ORfatpipeincipvpn_firmwareMatch10.1.2r60p65
ORfatpipeincipvpn_firmwareMatch10.1.2r60p71
ORfatpipeincipvpn_firmwareMatch10.1.2r60p82
ORfatpipeincipvpn_firmwareMatch10.2.2r10
ORfatpipeincipvpn_firmwareMatch10.2.2r25
ORfatpipeincipvpn_firmwareMatch10.2.2r38
fatpipeincipvpnMatch-
Node
fatpipeincmpvpn_firmwareMatch5.2.0r34
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p26
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p45-m
ORfatpipeincmpvpn_firmwareMatch6.1.2r70p75-m
ORfatpipeincmpvpn_firmwareMatch7.1.2r39
ORfatpipeincmpvpn_firmwareMatch9.1.2r129
ORfatpipeincmpvpn_firmwareMatch9.1.2r144
ORfatpipeincmpvpn_firmwareMatch9.1.2r150
ORfatpipeincmpvpn_firmwareMatch9.1.2r156
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p12
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p16
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p17
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p2
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p20
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p26
ORfatpipeincmpvpn_firmwareMatch9.1.2r161p3
ORfatpipeincmpvpn_firmwareMatch9.1.2r164
ORfatpipeincmpvpn_firmwareMatch9.1.2r164p4
ORfatpipeincmpvpn_firmwareMatch9.1.2r164p5
ORfatpipeincmpvpn_firmwareMatch9.1.2r165
ORfatpipeincmpvpn_firmwareMatch9.1.2r180p2
ORfatpipeincmpvpn_firmwareMatch9.1.2r185
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p10
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p13
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p32
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p35
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p45
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p55
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p58
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p58s1
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p65
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p71
ORfatpipeincmpvpn_firmwareMatch10.1.2r60p82
ORfatpipeincmpvpn_firmwareMatch10.2.2r10
ORfatpipeincmpvpn_firmwareMatch10.2.2r25
ORfatpipeincmpvpn_firmwareMatch10.2.2r38
fatpipeincmpvpnMatch-
Node
fatpipeincwarpMatch-
fatpipeincwarp_firmwareMatch5.2.0r34
ORfatpipeincwarp_firmwareMatch6.1.2r70p26
ORfatpipeincwarp_firmwareMatch6.1.2r70p45-m
ORfatpipeincwarp_firmwareMatch6.1.2r70p75-m
ORfatpipeincwarp_firmwareMatch7.1.2r39
ORfatpipeincwarp_firmwareMatch9.1.2r129
ORfatpipeincwarp_firmwareMatch9.1.2r144
ORfatpipeincwarp_firmwareMatch9.1.2r150
ORfatpipeincwarp_firmwareMatch9.1.2r156
ORfatpipeincwarp_firmwareMatch9.1.2r161p12
ORfatpipeincwarp_firmwareMatch9.1.2r161p16
ORfatpipeincwarp_firmwareMatch9.1.2r161p17
ORfatpipeincwarp_firmwareMatch9.1.2r161p2
ORfatpipeincwarp_firmwareMatch9.1.2r161p20
ORfatpipeincwarp_firmwareMatch9.1.2r161p26
ORfatpipeincwarp_firmwareMatch9.1.2r161p3
ORfatpipeincwarp_firmwareMatch9.1.2r164
ORfatpipeincwarp_firmwareMatch9.1.2r164p4
ORfatpipeincwarp_firmwareMatch9.1.2r164p5
ORfatpipeincwarp_firmwareMatch9.1.2r165
ORfatpipeincwarp_firmwareMatch9.1.2r180p2
ORfatpipeincwarp_firmwareMatch9.1.2r185
ORfatpipeincwarp_firmwareMatch10.1.2r60p10
ORfatpipeincwarp_firmwareMatch10.1.2r60p13
ORfatpipeincwarp_firmwareMatch10.1.2r60p32
ORfatpipeincwarp_firmwareMatch10.1.2r60p35
ORfatpipeincwarp_firmwareMatch10.1.2r60p45
ORfatpipeincwarp_firmwareMatch10.1.2r60p55
ORfatpipeincwarp_firmwareMatch10.1.2r60p58
ORfatpipeincwarp_firmwareMatch10.1.2r60p58s1
ORfatpipeincwarp_firmwareMatch10.1.2r60p65
ORfatpipeincwarp_firmwareMatch10.1.2r60p71
ORfatpipeincwarp_firmwareMatch10.1.2r60p82
ORfatpipeincwarp_firmwareMatch10.2.2r10
ORfatpipeincwarp_firmwareMatch10.2.2r25
ORfatpipeincwarp_firmwareMatch10.2.2r38
CNA Affected
[
{
"product": "WARP ",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
]Related
nvd
nvd
CVE-2021-27859
2021-12-15 20:15:08
cvelist
cvelist
CVE-2021-27859 Missing authorization vulnerability in FatPipe software
2021-09-27 00:00:00
prion
prion
Authorization
2021-12-15 20:15:00
cnvd
cnvd
FatPipe WARP, IPVPN and MPVPN authorization vulnerabilities
2021-12-17 00:00:00
nessus
nessus
FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities
2023-05-25 00:00:00
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
74.5%
Related for CVE-2021-27859