Lucene search

[email protected]NVD:CVE-2021-27859

HistoryDec 15, 2021 - 8:15 p.m.

CVE-2021-27859

2021-12-1520:15:08

CWE-862

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

74.4%

JSON

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

Affected configurations

NVD

Node

fatpipeincipvpn_firmwareMatch5.2.0r34

fatpipeincipvpn_firmwareMatch6.1.2r70p26

fatpipeincipvpn_firmwareMatch6.1.2r70p45-m

fatpipeincipvpn_firmwareMatch6.1.2r70p75-m

fatpipeincipvpn_firmwareMatch7.1.2r39

fatpipeincipvpn_firmwareMatch9.1.2r129

fatpipeincipvpn_firmwareMatch9.1.2r144

fatpipeincipvpn_firmwareMatch9.1.2r150

fatpipeincipvpn_firmwareMatch9.1.2r156

fatpipeincipvpn_firmwareMatch9.1.2r161p12

fatpipeincipvpn_firmwareMatch9.1.2r161p16

fatpipeincipvpn_firmwareMatch9.1.2r161p17

fatpipeincipvpn_firmwareMatch9.1.2r161p2

fatpipeincipvpn_firmwareMatch9.1.2r161p20

fatpipeincipvpn_firmwareMatch9.1.2r161p26

fatpipeincipvpn_firmwareMatch9.1.2r161p3

fatpipeincipvpn_firmwareMatch9.1.2r164

fatpipeincipvpn_firmwareMatch9.1.2r164p4

fatpipeincipvpn_firmwareMatch9.1.2r164p5

fatpipeincipvpn_firmwareMatch9.1.2r165

fatpipeincipvpn_firmwareMatch9.1.2r180p2

fatpipeincipvpn_firmwareMatch9.1.2r185

fatpipeincipvpn_firmwareMatch10.1.2r60p10

fatpipeincipvpn_firmwareMatch10.1.2r60p13

fatpipeincipvpn_firmwareMatch10.1.2r60p32

fatpipeincipvpn_firmwareMatch10.1.2r60p35

fatpipeincipvpn_firmwareMatch10.1.2r60p45

fatpipeincipvpn_firmwareMatch10.1.2r60p55

fatpipeincipvpn_firmwareMatch10.1.2r60p58

fatpipeincipvpn_firmwareMatch10.1.2r60p58s1

fatpipeincipvpn_firmwareMatch10.1.2r60p65

fatpipeincipvpn_firmwareMatch10.1.2r60p71

fatpipeincipvpn_firmwareMatch10.1.2r60p82

fatpipeincipvpn_firmwareMatch10.2.2r10

fatpipeincipvpn_firmwareMatch10.2.2r25

fatpipeincipvpn_firmwareMatch10.2.2r38

AND

fatpipeincipvpnMatch-

Node

fatpipeincmpvpn_firmwareMatch5.2.0r34

fatpipeincmpvpn_firmwareMatch6.1.2r70p26

fatpipeincmpvpn_firmwareMatch6.1.2r70p45-m

fatpipeincmpvpn_firmwareMatch6.1.2r70p75-m

fatpipeincmpvpn_firmwareMatch7.1.2r39

fatpipeincmpvpn_firmwareMatch9.1.2r129

fatpipeincmpvpn_firmwareMatch9.1.2r144

fatpipeincmpvpn_firmwareMatch9.1.2r150

fatpipeincmpvpn_firmwareMatch9.1.2r156

fatpipeincmpvpn_firmwareMatch9.1.2r161p12

fatpipeincmpvpn_firmwareMatch9.1.2r161p16

fatpipeincmpvpn_firmwareMatch9.1.2r161p17

fatpipeincmpvpn_firmwareMatch9.1.2r161p2

fatpipeincmpvpn_firmwareMatch9.1.2r161p20

fatpipeincmpvpn_firmwareMatch9.1.2r161p26

fatpipeincmpvpn_firmwareMatch9.1.2r161p3

fatpipeincmpvpn_firmwareMatch9.1.2r164

fatpipeincmpvpn_firmwareMatch9.1.2r164p4

fatpipeincmpvpn_firmwareMatch9.1.2r164p5

fatpipeincmpvpn_firmwareMatch9.1.2r165

fatpipeincmpvpn_firmwareMatch9.1.2r180p2

fatpipeincmpvpn_firmwareMatch9.1.2r185

fatpipeincmpvpn_firmwareMatch10.1.2r60p10

fatpipeincmpvpn_firmwareMatch10.1.2r60p13

fatpipeincmpvpn_firmwareMatch10.1.2r60p32

fatpipeincmpvpn_firmwareMatch10.1.2r60p35

fatpipeincmpvpn_firmwareMatch10.1.2r60p45

fatpipeincmpvpn_firmwareMatch10.1.2r60p55

fatpipeincmpvpn_firmwareMatch10.1.2r60p58

fatpipeincmpvpn_firmwareMatch10.1.2r60p58s1

fatpipeincmpvpn_firmwareMatch10.1.2r60p65

fatpipeincmpvpn_firmwareMatch10.1.2r60p71

fatpipeincmpvpn_firmwareMatch10.1.2r60p82

fatpipeincmpvpn_firmwareMatch10.2.2r10

fatpipeincmpvpn_firmwareMatch10.2.2r25

fatpipeincmpvpn_firmwareMatch10.2.2r38

AND

fatpipeincmpvpnMatch-

Node

fatpipeincwarpMatch-

AND

fatpipeincwarp_firmwareMatch5.2.0r34

fatpipeincwarp_firmwareMatch6.1.2r70p26

fatpipeincwarp_firmwareMatch6.1.2r70p45-m

fatpipeincwarp_firmwareMatch6.1.2r70p75-m

fatpipeincwarp_firmwareMatch7.1.2r39

fatpipeincwarp_firmwareMatch9.1.2r129

fatpipeincwarp_firmwareMatch9.1.2r144

fatpipeincwarp_firmwareMatch9.1.2r150

fatpipeincwarp_firmwareMatch9.1.2r156

fatpipeincwarp_firmwareMatch9.1.2r161p12

fatpipeincwarp_firmwareMatch9.1.2r161p16

fatpipeincwarp_firmwareMatch9.1.2r161p17

fatpipeincwarp_firmwareMatch9.1.2r161p2

fatpipeincwarp_firmwareMatch9.1.2r161p20

fatpipeincwarp_firmwareMatch9.1.2r161p26

fatpipeincwarp_firmwareMatch9.1.2r161p3

fatpipeincwarp_firmwareMatch9.1.2r164

fatpipeincwarp_firmwareMatch9.1.2r164p4

fatpipeincwarp_firmwareMatch9.1.2r164p5

fatpipeincwarp_firmwareMatch9.1.2r165

fatpipeincwarp_firmwareMatch9.1.2r180p2

fatpipeincwarp_firmwareMatch9.1.2r185

fatpipeincwarp_firmwareMatch10.1.2r60p10

fatpipeincwarp_firmwareMatch10.1.2r60p13

fatpipeincwarp_firmwareMatch10.1.2r60p32

fatpipeincwarp_firmwareMatch10.1.2r60p35

fatpipeincwarp_firmwareMatch10.1.2r60p45

fatpipeincwarp_firmwareMatch10.1.2r60p55

fatpipeincwarp_firmwareMatch10.1.2r60p58

fatpipeincwarp_firmwareMatch10.1.2r60p58s1

fatpipeincwarp_firmwareMatch10.1.2r60p65

fatpipeincwarp_firmwareMatch10.1.2r60p71

fatpipeincwarp_firmwareMatch10.1.2r60p82

fatpipeincwarp_firmwareMatch10.2.2r10

fatpipeincwarp_firmwareMatch10.2.2r25

fatpipeincwarp_firmwareMatch10.2.2r38

References

www.fatpipeinc.com/support/cve-list.php

www.zeroscience.mk/codes/fatpipe_csrf.txt

www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.004 Low

EPSS

Percentile

74.4%

JSON

Related for NVD:CVE-2021-27859

cvelist1 prion1 cve1 cnvd1 nessus1