Vulnerabilites related to fatpipeinc - ipvpn
Vulnerability from fkie_nvd
Published
2021-12-15 20:15
Modified
2024-11-21 05:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| cret@cert.org | https://www.zeroscience.mk/codes/fatpipe_csrf.txt | Third Party Advisory | |
| cret@cert.org | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/codes/fatpipe_csrf.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autorizaci\u00f3n ausente en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto autenticado con privilegios de s\u00f3lo lectura crear una cuenta con privilegios administrativos. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. Esto no parece ser una vulnerabilidad de tipo CSRF. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA005"
}
],
"id": "CVE-2021-27859",
"lastModified": "2024-11-21T05:58:39.460",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T20:15:08.163",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-15 20:15
Modified
2024-11-21 05:58
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| cret@cert.org | https://www.zeroscience.mk/codes/fatpipe_backdoor.txt | Third Party Advisory | |
| cret@cert.org | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/codes/fatpipe_backdoor.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
},
{
"lang": "es",
"value": "El software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, incluye una cuenta llamada \"cmuser\" que tiene privilegios administrativos y no presenta contrase\u00f1a. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA002"
}
],
"id": "CVE-2021-27856",
"lastModified": "2024-11-21T05:58:38.990",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T20:15:08.003",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-15 20:15
Modified
2024-11-21 05:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| cret@cert.org | https://www.zeroscience.mk/codes/fatpipe_privesc.txt | Third Party Advisory | |
| cret@cert.org | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/codes/fatpipe_privesc.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
},
{
"lang": "es",
"value": "El software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto y autenticado con privilegios de s\u00f3lo lectura concederse privilegios administrativos. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA001"
}
],
"id": "CVE-2021-27855",
"lastModified": "2024-11-21T05:58:38.793",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T20:15:07.940",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-15 20:15
Modified
2024-11-21 05:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| cret@cert.org | https://www.zeroscience.mk/codes/fatpipe_configdl.txt | Third Party Advisory | |
| cret@cert.org | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/codes/fatpipe_configdl.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falta de autorizaci\u00f3n en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto no autenticado descargar un archivo de configuraci\u00f3n. El atacante necesita conocer o adivinar correctamente el nombre de host del sistema de destino, ya que el nombre de host es usado como parte del nombre del archivo de configuraci\u00f3n. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA003"
}
],
"id": "CVE-2021-27857",
"lastModified": "2024-11-21T05:58:39.150",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T20:15:08.057",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-08 17:15
Modified
2025-02-04 20:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| cret@cert.org | https://www.ic3.gov/Media/News/2021/211117-2.pdf | Exploit, Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ic3.gov/Media/News/2021/211117-2.pdf | Exploit, Mitigation, Third Party Advisory, US Government Resource |
Impacted products
{
"cisaActionDue": "2022-01-24",
"cisaExploitAdd": "2022-01-10",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web del software FatPipe WARP, IPVPN y MPVPN anterior a las versiones 10.1.2r60p92 y 10.2.2r44p1 permite a un atacante remoto no autentificado cargar un archivo en cualquier ubicaci\u00f3n del sistema de archivos. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA006"
}
],
"id": "CVE-2021-27860",
"lastModified": "2025-02-04T20:15:42.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-08T17:15:10.800",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "cret@cert.org",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory",
"US Government Resource"
],
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-434"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-12-15 20:15
Modified
2024-11-21 05:58
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| cret@cert.org | https://www.zeroscience.mk/codes/fatpipe_auth.txt | Third Party Advisory | |
| cret@cert.org | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/codes/fatpipe_auth.txt | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php | Third Party Advisory |
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
"matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
"matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
"matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
"matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
"matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
"matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
"matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
"matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
"matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
"matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
"matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
"matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
"matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
"matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
"matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
"matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
"matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
"matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
"matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
"matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
"matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
"matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
"matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
"matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
"matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
"matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
"matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
"matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
"matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
"matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
"matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
"matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
"matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
"matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
"matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
"matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
},
{
"lang": "es",
"value": "Una vulnerabilidad de falta de autorizaci\u00f3n en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto acceder al menos a la URL \"/fpui/jsp/index.jsp\", conllevando a un impacto desconocido, presumiblemente alguna violaci\u00f3n de la confidencialidad. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA004"
}
],
"id": "CVE-2021-27858",
"lastModified": "2024-11-21T05:58:39.313",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "cret@cert.org",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-12-15T20:15:08.110",
"references": [
{
"source": "cret@cert.org",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
},
{
"source": "cret@cert.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
}
],
"sourceIdentifier": "cret@cert.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "cret@cert.org",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2021-27857
Vulnerability from cvelistv5
Published
2021-12-15 16:14
Modified
2024-09-17 04:29
Severity ?
EPSS score ?
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php | x_refsource_MISC | |
| https://www.fatpipeinc.com/support/cve-list.php | x_refsource_CONFIRM | |
| https://www.zeroscience.mk/codes/fatpipe_configdl.txt | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.878Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WARP",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T16:14:48",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
}
],
"source": {
"advisory": "FPSA003",
"discovery": "EXTERNAL"
},
"title": "FatPipe software allows unauthenticated configuration download",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
"ID": "CVE-2021-27857",
"STATE": "PUBLIC",
"TITLE": "FatPipe software allows unauthenticated configuration download"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "IPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "MPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
}
]
},
"vendor_name": "FatPipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
},
{
"name": "https://www.fatpipeinc.com/support/cve-list.php",
"refsource": "CONFIRM",
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"name": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
}
]
},
"source": {
"advisory": "FPSA003",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27857",
"datePublished": "2021-12-15T16:14:48.650988Z",
"dateReserved": "2021-03-01T00:00:00",
"dateUpdated": "2024-09-17T04:29:07.048Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27858
Vulnerability from cvelistv5
Published
2021-12-15 16:14
Modified
2024-09-17 01:16
Severity ?
EPSS score ?
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php | x_refsource_MISC | |
| https://www.fatpipeinc.com/support/cve-list.php | x_refsource_CONFIRM | |
| https://www.zeroscience.mk/codes/fatpipe_auth.txt | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.298Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WARP",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T16:14:49",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
}
],
"source": {
"advisory": "FPSA004",
"discovery": "EXTERNAL"
},
"title": "Missing authorization vulnerability in FatPipe software",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
"ID": "CVE-2021-27858",
"STATE": "PUBLIC",
"TITLE": "Missing authorization vulnerability in FatPipe software"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "IPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "MPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
}
]
},
"vendor_name": "FatPipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
},
{
"name": "https://www.fatpipeinc.com/support/cve-list.php",
"refsource": "CONFIRM",
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"name": "https://www.zeroscience.mk/codes/fatpipe_auth.txt",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
}
]
},
"source": {
"advisory": "FPSA004",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27858",
"datePublished": "2021-12-15T16:14:49.376874Z",
"dateReserved": "2021-03-01T00:00:00",
"dateUpdated": "2024-09-17T01:16:55.538Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27859
Vulnerability from cvelistv5
Published
2021-12-15 16:14
Modified
2024-09-16 21:07
Severity ?
EPSS score ?
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php | x_refsource_MISC | |
| https://www.fatpipeinc.com/support/cve-list.php | x_refsource_CONFIRM | |
| https://www.zeroscience.mk/codes/fatpipe_csrf.txt | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:16.357Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WARP",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T16:14:50",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
}
],
"source": {
"advisory": "FPSA005",
"discovery": "EXTERNAL"
},
"title": "Missing authorization vulnerability in FatPipe software",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
"ID": "CVE-2021-27859",
"STATE": "PUBLIC",
"TITLE": "Missing authorization vulnerability in FatPipe software"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "IPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "MPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
}
]
},
"vendor_name": "FatPipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
},
{
"name": "https://www.fatpipeinc.com/support/cve-list.php",
"refsource": "CONFIRM",
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"name": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
}
]
},
"source": {
"advisory": "FPSA005",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27859",
"datePublished": "2021-12-15T16:14:50.125637Z",
"dateReserved": "2021-03-01T00:00:00",
"dateUpdated": "2024-09-16T21:07:27.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27855
Vulnerability from cvelistv5
Published
2021-12-15 16:14
Modified
2024-09-17 02:42
Severity ?
EPSS score ?
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php | x_refsource_MISC | |
| https://www.fatpipeinc.com/support/cve-list.php | x_refsource_CONFIRM | |
| https://www.zeroscience.mk/codes/fatpipe_privesc.txt | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:17.057Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WARP",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862: Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T16:14:47",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
}
],
"source": {
"advisory": "FPSA001",
"discovery": "EXTERNAL"
},
"title": "FatPipe software allows privilege escalation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
"ID": "CVE-2021-27855",
"STATE": "PUBLIC",
"TITLE": "FatPipe software allows privilege escalation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "IPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "MPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
}
]
},
"vendor_name": "FatPipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-862: Missing Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
},
{
"name": "https://www.fatpipeinc.com/support/cve-list.php",
"refsource": "CONFIRM",
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"name": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
}
]
},
"source": {
"advisory": "FPSA001",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27855",
"datePublished": "2021-12-15T16:14:47.069558Z",
"dateReserved": "2021-03-01T00:00:00",
"dateUpdated": "2024-09-17T02:42:43.452Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27860
Vulnerability from cvelistv5
Published
2021-12-08 16:15
Modified
2025-02-04 19:32
Severity ?
EPSS score ?
Summary
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27860",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:32:03.032241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-01-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27860"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:32:18.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WARP",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p92",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r44p1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p92",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r44p1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p92",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r44p1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:04:56.650Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
}
],
"source": {
"advisory": "FPSA006",
"discovery": "USER"
},
"title": "Arbitrary file upload vulnerability in FatPipe software",
"x_generator": {
"engine": "cveClient/1.0.15"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-11-16T00:00:00.000Z",
"ID": "CVE-2021-27860",
"STATE": "PUBLIC",
"TITLE": "Arbitrary file upload vulnerability in FatPipe software"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p92"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r44p1"
}
]
}
},
{
"product_name": "IPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p92"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r44p1"
}
]
}
},
{
"product_name": "MPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p92"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r44p1"
}
]
}
}
]
},
"vendor_name": "FatPipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"references": {
"reference_data": [
{
"name": "https://www.fatpipeinc.com/support/cve-list.php",
"refsource": "CONFIRM",
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"name": "https://www.ic3.gov/Media/News/2021/211117-2.pdf",
"refsource": "MISC",
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
}
]
},
"source": {
"advisory": "FPSA006",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27860",
"datePublished": "2021-12-08T16:15:48.319Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-02-04T19:32:18.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-27856
Vulnerability from cvelistv5
Published
2021-12-15 16:14
Modified
2024-09-17 01:31
Severity ?
EPSS score ?
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php | x_refsource_MISC | |
| https://www.fatpipeinc.com/support/cve-list.php | x_refsource_CONFIRM | |
| https://www.zeroscience.mk/codes/fatpipe_backdoor.txt | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.976Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WARP",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p91",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r42",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-09-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Default administrative account with no password",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-15T16:14:47",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
}
],
"source": {
"advisory": "FPSA002",
"discovery": "EXTERNAL"
},
"title": "FatPipe software administrative account with no password",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
"ID": "CVE-2021-27856",
"STATE": "PUBLIC",
"TITLE": "FatPipe software administrative account with no password"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "IPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
},
{
"product_name": "MPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p91"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r42"
}
]
}
}
]
},
"vendor_name": "FatPipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Default administrative account with no password"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
},
{
"name": "https://www.fatpipeinc.com/support/cve-list.php",
"refsource": "CONFIRM",
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"name": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt",
"refsource": "MISC",
"url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
}
]
},
"source": {
"advisory": "FPSA002",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27856",
"datePublished": "2021-12-15T16:14:47.938619Z",
"dateReserved": "2021-03-01T00:00:00",
"dateUpdated": "2024-09-17T01:31:27.972Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}