Vulners
Lucene search
FatPipe Networks WARP 10.2.2 Authorization Bypass
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | FatPipe 安全漏洞 | 15 Dec 202100:00 | – | cnnvd |
 | FatPipe WARP, IPVPN, and MPVPN Authorization Vulnerability (CNVD-2021-101934) | 17 Dec 202100:00 | – | cnvd |
 | CVE-2021-27858 | 15 Dec 202116:14 | – | cve |
 | CVE-2021-27858 Missing authorization vulnerability in FatPipe software | 15 Dec 202116:14 | – | cvelist |
 | EUVD-2021-14596 | 7 Oct 202500:30 | – | euvd |
 | FatPipe MPVPN < 10.1.2r60p91 / 10.2.2 < 10.2.2r42 Multiple Vulnerabilities | 25 May 202300:00 | – | nessus |
 | FatPipe WARP/IPVPN/MPVPN - Authorization Bypass | 23 Jun 202605:08 | – | nuclei |
 | CVE-2021-27858 | 15 Dec 202120:15 | – | nvd |
 | CVE-2021-27858 | 15 Dec 202120:15 | – | osv |
 | Authorization | 15 Dec 202120:15 | – | prion |
10
<html><body><p>FatPipe Networks WARP 10.2.2 Authorization Bypass
Vendor: FatPipe Networks Inc.
Product web page: https://www.fatpipeinc.com
Affected version: WARP
10.2.2r38
10.2.2r25
10.2.2r10
10.1.2r60p82
10.1.2r60p71
10.1.2r60p65
10.1.2r60p58s1
10.1.2r60p58
10.1.2r60p55
10.1.2r60p45
10.1.2r60p35
10.1.2r60p32
10.1.2r60p13
10.1.2r60p10
9.1.2r185
9.1.2r180p2
9.1.2r165
9.1.2r164p5
9.1.2r164p4
9.1.2r164
9.1.2r161p26
9.1.2r161p20
9.1.2r161p17
9.1.2r161p16
9.1.2r161p12
9.1.2r161p3
9.1.2r161p2
9.1.2r156
9.1.2r150
9.1.2r144
9.1.2r129
7.1.2r39
6.1.2r70p75-m
6.1.2r70p45-m
6.1.2r70p26
5.2.0r34
Summary: FatPipe Networks invented the concept of router-clustering,
which provides the highest level of reliability, redundancy, and speed
of Internet traffic for Business Continuity and communications. FatPipe
WARP achieves fault tolerance for companies by creating an easy method
of combining two or more Internet connections of any kind over multiple
ISPs. FatPipe utilizes all paths when the lines are up and running,
dynamically balancing traffic over the multiple lines, and intelligently
failing over inbound and outbound IP traffic when ISP services and/or
components fail.
Desc: Improper access control occurs when the application provides direct
access to objects based on user-supplied input. As a result of this vulnerability
attackers can bypass authorization and access resources behind protected
pages.
Tested on: Apache-Coyote/1.1
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience
Advisory ID: ZSL-2021-5682
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
30.05.2016
25.07.2021
--
$ curl -vk "https://10.0.0.9/fpui/jsp/index.jsp"
</p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Sep 2021 00:00Current
6Medium risk
Vulners AI Score6
CVSS 25
CVSS 3.15.3
EPSS0.02703