Lucene search
K

86 matches found

CNVD
CNVD
added 2021/12/17 12:0 a.m.16 views

FatPipe WARP, IPVPN and MPVPN authorization vulnerabilities

FatPipe is a WAN redundancy technology from FatPipe USA that provides companies with automated and dynamic failover due to a WAN component or service failure that results in a data line connection outage.A security vulnerability exists in FatPipe WARP, IPVPN and MPVPN that stems from a lack of...

8.8CVSS2.8AI score0.01615EPSS
Exploits0References1
NVD
NVD
added 2021/12/15 8:15 p.m.18 views

CVE-2021-27859

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...

8.8CVSS0.01615EPSS
Exploits0References3
NVD
NVD
added 2021/12/15 8:15 p.m.19 views

CVE-2021-27857

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname o...

7.5CVSS0.01794EPSS
Exploits1References3
NVD
NVD
added 2021/12/15 8:15 p.m.20 views

CVE-2021-27856

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...

9.8CVSS0.05598EPSS
Exploits1References3
OSV
OSV
added 2021/12/15 8:15 p.m.4 views

CVE-2021-27858

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of...

5.3CVSS5.8AI score0.02703EPSS
Exploits1References3
OSV
OSV
added 2021/12/15 8:15 p.m.3 views

CVE-2021-27856

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...

9.8CVSS7.2AI score0.05598EPSS
Exploits1References3
OSV
OSV
added 2021/12/15 8:15 p.m.5 views

CVE-2021-27859

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...

8.8CVSS7.3AI score0.01615EPSS
Exploits0References3
OSV
OSV
added 2021/12/15 8:15 p.m.5 views

CVE-2021-27857

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname o...

7.5CVSS5.7AI score0.01794EPSS
Exploits1References3
NVD
NVD
added 2021/12/15 8:15 p.m.16 views

CVE-2021-27858

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of...

5.3CVSS0.02703EPSS
Exploits1References3
OSV
OSV
added 2021/12/15 8:15 p.m.7 views

CVE-2021-27855

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...

8.8CVSS5.7AI score0.01604EPSS
Exploits1References3
NVD
NVD
added 2021/12/15 8:15 p.m.12 views

CVE-2021-27855

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...

8.8CVSS0.01604EPSS
Exploits1References3
Prion
Prion
added 2021/12/15 8:15 p.m.23 views

Design/Logic Flaw

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this...

6.5CVSS8.6AI score0.01604EPSS
Exploits1References3Affected Software3
Prion
Prion
added 2021/12/15 8:15 p.m.16 views

Authorization

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname o...

4.3CVSS7.5AI score0.01794EPSS
Exploits1References3Affected Software3
Prion
Prion
added 2021/12/15 8:15 p.m.17 views

Authorization

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of...

5CVSS5.3AI score0.02703EPSS
Exploits1References3Affected Software3
Prion
Prion
added 2021/12/15 8:15 p.m.18 views

Authorization

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...

6.5CVSS8.6AI score0.01615EPSS
Exploits0References3Affected Software3
Prion
Prion
added 2021/12/15 8:15 p.m.15 views

Design/Logic Flaw

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002...

7.5CVSS9.4AI score0.05598EPSS
Exploits1References3Affected Software3
CVE
CVE
added 2021/12/15 4:14 p.m.55 views

CVE-2021-27859

CVE-2021-27859 (FatPipe WARP/IPVPN/MPVPN) is a missing authorization vulnerability in the web management interface that allows an authenticated, read-only user to create an administrative account. Affected versions are FatPipe software prior to 10.1.2r60p91 and 10.2.2 prior to r42; older FatPipe ...

8.8CVSS8.8AI score0.01615EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2021/12/15 4:14 p.m.26 views

CVE-2021-27859 Missing authorization vulnerability in FatPipe software

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of...

8.8CVSS8.9AI score0.01615EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/12/15 4:14 p.m.18 views

CVE-2021-27858 Missing authorization vulnerability in FatPipe software

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of...

5.3CVSS5.6AI score0.02703EPSS
Exploits1References3
CVE
CVE
added 2021/12/15 4:14 p.m.55 views

CVE-2021-27858

FatPipe WARP/IPVPN/MPVPN contains a missing authorization vulnerability (CVE-2021-27858) in the web management interface, affecting versions prior to 10.1.2r60p91 and 10.2.2r42. The issue allows an unauthenticated, remote attacker to access at least the URL /fpui/jsp/index.jsp, with impact descri...

5.3CVSS5.3AI score0.02703EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder