| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
| FatPipe 安全漏洞 | 15 Dec 202100:00 | – | cnnvd | |
| FatPipe WARP, IPVPN, and MPVPN Authorization Vulnerability (CNVD-2021-101934) | 17 Dec 202100:00 | – | cnvd | |
| CVE-2021-27858 | 15 Dec 202116:14 | – | cve | |
| CVE-2021-27858 Missing authorization vulnerability in FatPipe software | 15 Dec 202116:14 | – | cvelist | |
| EUVD-2021-14596 | 7 Oct 202500:30 | – | euvd | |
| FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities | 25 May 202300:00 | – | nessus | |
| CVE-2021-27858 | 15 Dec 202120:15 | – | nvd | |
| CVE-2021-27858 | 15 Dec 202120:15 | – | osv | |
| Authorization | 15 Dec 202120:15 | – | prion | |
| FatPipe Networks WARP 10.2.2 Authorization Bypass | 27 Sep 202100:00 | – | zeroscience |
| Source | Link |
|---|---|
| zeroscience | www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php |
| fatpipeinc | www.fatpipeinc.com/support/advisories.php |
| fatpipeinc | www.fatpipeinc.com/support/cve-list.php |
| zeroscience | www.zeroscience.mk/codes/fatpipe_auth.txt |
id: CVE-2021-27858
info:
name: FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
author: gy741
severity: medium
description: |
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication.
impact: |
Unauthenticated attackers can access sensitive management interface URLs and obtain device information due to missing authorization checks.
remediation: |
Upgrade to FatPipe WARP/IPVPN/MPVPN version 10.1.2r60p91 or 10.2.2r42 or later.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
- https://www.fatpipeinc.com/support/advisories.php
- https://www.fatpipeinc.com/support/cve-list.php
- https://www.zeroscience.mk/codes/fatpipe_auth.txt
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2021-27858
cwe-id: CWE-862
epss-score: 0.02703
epss-percentile: 0.8416
cpe: cpe:2.3:o:fatpipeinc:warp_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: fatpipeinc
product: warp_firmware
tags: cve,cve2021,fatpipe,auth-bypass,router,vuln
http:
- raw:
- |
GET /fpui/jsp/index.jsp HTTP/1.1
Host: {{Hostname}}
Accept: */*
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "productType"
- "type:"
- "version:"
- "<title>FatPipe Networks</title>"
condition: and
extractors:
- type: regex
part: body
regex:
- 'version: "([0-9.a-z]+)"'
# digest: 4a0a00473045022100d8ff2d8e2ee64d81c481779294ee96d7113979bc8c2996c182365a256651200802207ac7cd1156fcfe7956a0f4b94d76a2765045a1b5a4f6bc35148f4da6ba0ec789:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation