Authorization

2021-12-1520:15:00

PRIOn knowledge base

www.prio-n.com

7.5 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

68.2%

JSON

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.

CPENameOperatorVersion
ipvpn_firmwareeq5.2.0 r34
ipvpn_firmwareeq6.1.2
ipvpn_firmwareeq6.1.2
ipvpn_firmwareeq6.1.2 r70p26
ipvpn_firmwareeq7.1.2 r39
ipvpn_firmwareeq9.1.2 r185
ipvpn_firmwareeq9.1.2 r180p2
ipvpn_firmwareeq9.1.2 r165
ipvpn_firmwareeq9.1.2 r164p5
ipvpn_firmwareeq9.1.2 r164p4

Name	Operator	Version
ipvpn_firmware	eq	5.2.0 r34
ipvpn_firmware	eq	6.1.2
ipvpn_firmware	eq	6.1.2
ipvpn_firmware	eq	6.1.2 r70p26
ipvpn_firmware	eq	7.1.2 r39
ipvpn_firmware	eq	9.1.2 r185
ipvpn_firmware	eq	9.1.2 r180p2
ipvpn_firmware	eq	9.1.2 r165
ipvpn_firmware	eq	9.1.2 r164p5
ipvpn_firmware	eq	9.1.2 r164p4