CVE-2021-27860
Vulnerability from cvelistv5
Published
2021-12-08 16:15
Modified
2025-02-04 19:32
Severity ?
EPSS score ?
Summary
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cret@cert.org | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| cret@cert.org | https://www.ic3.gov/Media/News/2021/211117-2.pdf | Exploit, Mitigation, Third Party Advisory, US Government Resource | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.ic3.gov/Media/News/2021/211117-2.pdf | Exploit, Mitigation, Third Party Advisory, US Government Resource |
Impacted products
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog
Date added: 2022-01-10
Due date: 2022-01-24
Required action: Apply updates per vendor instructions.
Used in ransomware: Unknown
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-27860
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T21:33:15.927Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2021-27860",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-04T19:32:03.032241Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2022-01-10",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27860"
},
"type": "kev"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-04T19:32:18.487Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WARP",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p92",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r44p1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "IPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p92",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r44p1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
},
{
"product": "MPVPN",
"vendor": "FatPipe",
"versions": [
{
"lessThan": "10.1.2r60p92",
"status": "affected",
"version": "10.1",
"versionType": "custom"
},
{
"lessThan": "10.2.2r44p1",
"status": "affected",
"version": "10.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2021-11-16T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:04:56.650Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
}
],
"source": {
"advisory": "FPSA006",
"discovery": "USER"
},
"title": "Arbitrary file upload vulnerability in FatPipe software",
"x_generator": {
"engine": "cveClient/1.0.15"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2021-11-16T00:00:00.000Z",
"ID": "CVE-2021-27860",
"STATE": "PUBLIC",
"TITLE": "Arbitrary file upload vulnerability in FatPipe software"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WARP",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p92"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r44p1"
}
]
}
},
{
"product_name": "IPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p92"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r44p1"
}
]
}
},
{
"product_name": "MPVPN",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "10.1",
"version_value": "10.1.2r60p92"
},
{
"version_affected": "\u003c",
"version_name": "10.2",
"version_value": "10.2.2r44p1"
}
]
}
}
]
},
"vendor_name": "FatPipe"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"references": {
"reference_data": [
{
"name": "https://www.fatpipeinc.com/support/cve-list.php",
"refsource": "CONFIRM",
"url": "https://www.fatpipeinc.com/support/cve-list.php"
},
{
"name": "https://www.ic3.gov/Media/News/2021/211117-2.pdf",
"refsource": "MISC",
"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
}
]
},
"source": {
"advisory": "FPSA006",
"discovery": "USER"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27860",
"datePublished": "2021-12-08T16:15:48.319Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-02-04T19:32:18.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"cisa_known_exploited": {
"cveID": "CVE-2021-27860",
"cwes": "[\"CWE-434\"]",
"dateAdded": "2022-01-10",
"dueDate": "2022-01-24",
"knownRansomwareCampaignUse": "Unknown",
"notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-27860",
"product": "WARP, IPVPN, and MPVPN software",
"requiredAction": "Apply updates per vendor instructions.",
"shortDescription": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.",
"vendorProject": "FatPipe",
"vulnerabilityName": "FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-27860\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2021-12-08T17:15:10.800\",\"lastModified\":\"2025-02-04T20:15:42.070\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad en la interfaz de gesti\u00f3n web del software FatPipe WARP, IPVPN y MPVPN anterior a las versiones 10.1.2r60p92 y 10.2.2r44p1 permite a un atacante remoto no autentificado cargar un archivo en cualquier ubicaci\u00f3n del sistema de archivos. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA006\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cret@cert.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2022-01-10\",\"cisaActionDue\":\"2022-01-24\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-434\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11DB09F-2C14-470E-88B9-19AA1CB9D13A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B1511DD-B05D-4441-9FEE-4AE5B99AD765\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*\",\"matchCriteriaId\":\"A544091F-16BB-4942-8C5D-78BAB27763D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE36BBDB-5A65-4F61-8749-883E59300639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*\",\"matchCriteriaId\":\"A79A392B-0607-4C83-8D1F-45F99354CF93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*\",\"matchCriteriaId\":\"39FD234C-69BF-4A59-A5B6-BA962D4A86EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C72012D-F06D-40BB-B361-44CE980C7B4D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"961268B1-E804-4291-AA38-F2905B98285F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"87F0BAD3-7145-496C-823D-C035AB73D5CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"86FA270B-1EEF-4506-B3F8-0019E1965E12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6DAAB93-C2E9-4097-BB7E-A22C37860302\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD8347A2-BAF5-420D-A52A-2A7B1BFE5619\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF28B01F-9E9C-4703-9418-5CDA93305885\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"EA076D5B-9EDA-4DCB-BF15-5C361DE6F975\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*\",\"matchCriteriaId\":\"63B936C2-F61D-4E75-B7F7-4DD4A9735FB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"54ED4A12-F805-4A79-B083-0473BD5003EC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"BFEE2206-4D60-4C9E-A874-A4F23FF59059\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*\",\"matchCriteriaId\":\"77D045E8-12A8-4EDF-A423-F840CB2CF0AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A22D90B-E219-47A3-8396-820CD58A052A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*\",\"matchCriteriaId\":\"682F18C0-D9CD-44BC-8C72-A50F4B4741CF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"22CA1387-CD4F-45AE-A9CC-68E5538CDA49\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E46BE6C-734A-4D81-9BFB-24160B9A2477\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC05A847-376E-48C1-B7BC-1095610FF846\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"74A68C7C-DF85-4EB4-85EE-C98646D5C46F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*\",\"matchCriteriaId\":\"57876C43-071C-46FE-9A40-779F95DDCA93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*\",\"matchCriteriaId\":\"30503A37-B4CB-45FF-81E6-9967BEEB1A5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*\",\"matchCriteriaId\":\"C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*\",\"matchCriteriaId\":\"A12609EA-15AD-4215-9662-A93906593DB1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*\",\"matchCriteriaId\":\"A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*\",\"matchCriteriaId\":\"234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*\",\"matchCriteriaId\":\"D29250D9-4635-4BBB-9D1C-289C7ADFEAE5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8BD7D98-B18F-4FB9-B63D-7298033D8F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*\",\"matchCriteriaId\":\"4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*\",\"matchCriteriaId\":\"2779B6CB-CF0B-444A-A658-CB8D550FD147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8D0375A-3A01-445E-A95C-7E476CD4047E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*\",\"matchCriteriaId\":\"F9B63E36-32CA-4818-8BAC-5862188DFE6F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*\",\"matchCriteriaId\":\"8495282B-C4C3-44FE-8D6F-00AD59662A24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*\",\"matchCriteriaId\":\"18525C9D-D44D-4E0C-98A1-2389C257FFC2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4E22F42-D478-4E30-AD9C-50A4E799940B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD864580-CF91-412C-A62E-3E7252DF91FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*\",\"matchCriteriaId\":\"A14E5ABD-D2D4-4758-B18B-3CA0323D9518\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8EB1872-FE49-48EE-AF78-9373780F7D93\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"B11060EA-6755-4FC3-A305-E944861EDDB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"A20EF491-1355-4489-A839-69B46C70CC7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E4C0EABF-3D71-4EC9-B400-A4F043745B3C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"D99D631C-1596-4A7F-BF10-E69A1EB35C55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"645624F5-234D-4950-9385-7151C47C8621\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*\",\"matchCriteriaId\":\"C387783D-8402-46F2-AF87-73E8CD5BE097\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"040AF513-BC93-4B5F-A10A-915E4A711C1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"7688DC18-49BE-4F9C-A8B9-A5F84C093D17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF508B6C-23B7-444E-A9F4-400CA4D85431\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E80C09C-42A5-4AD2-9DEA-EB64AED72246\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*\",\"matchCriteriaId\":\"05E59433-8420-451C-AA76-78AF013F7AFA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"7A480CA1-79C6-43C3-B142-BD30FE00EA95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"36582BDF-9829-495C-A027-9F0F1DE78093\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"66D454E0-7E23-494C-BBCB-D56FF3FAD754\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B577293-9B56-44A5-A91C-8B2D885B0B7D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*\",\"matchCriteriaId\":\"76EC4FBC-48B9-46A7-93D6-F6812A25CC1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*\",\"matchCriteriaId\":\"143AAD4E-163B-4D30-9A5B-2ED6A48681C1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*\",\"matchCriteriaId\":\"1820F183-B5D5-4828-93D7-CEC6B7FE0176\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8D59DA4-8DF8-46D2-A77C-7785BD253168\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*\",\"matchCriteriaId\":\"B418905D-675D-4E3D-840F-45F2C3FF1855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB2984C2-9C12-4926-BF31-AE064AAE9F45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*\",\"matchCriteriaId\":\"8068BA02-8996-436D-B9DF-373AECF61A45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*\",\"matchCriteriaId\":\"C56FE165-AFA7-4E47-9BB3-3326086D5C45\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F56A62D9-6FE7-4062-9D83-75BFE14A0E83\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CC854BA-4F7B-482F-B13F-B16E99C00ECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0F4857C-0262-4D50-A209-B731CE4DE4C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*\",\"matchCriteriaId\":\"00BDFE07-2443-4B79-A9CB-F3F03A0AA313\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*\",\"matchCriteriaId\":\"CD497063-FA78-4AAC-807F-C03771781D15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*\",\"matchCriteriaId\":\"2D5E161C-B6B6-40E8-B0E8-AEB72998119E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*\",\"matchCriteriaId\":\"2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D6D61B6-78CF-47A5-B18D-394803F768B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FAB00D7-319D-4628-819E-608A4392E901\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*\",\"matchCriteriaId\":\"58B8C748-C873-4611-9D25-FF73439F6559\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FBE83D2-96E7-489E-A7A1-D02193D022A2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*\",\"matchCriteriaId\":\"532021A2-9D2C-4365-AA76-8B9F1E3401D1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*\",\"matchCriteriaId\":\"561F487C-3FCE-4F68-ADEF-61A807E18A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"44135F5A-96DC-471E-9A7C-48EA124E5DBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*\",\"matchCriteriaId\":\"34A8EC2F-BB91-448E-B21C-2D7822CA04F2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*\",\"matchCriteriaId\":\"20810603-1A08-4AEE-A6C5-EFEDB3C923BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*\",\"matchCriteriaId\":\"12B67BB1-3943-4F30-8470-FF3E446F5E3F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"72F686C1-E970-41CF-A5F6-842E0B15D85E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"19E99ECD-6D6C-4290-9D41-47CFA9373B41\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*\",\"matchCriteriaId\":\"D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"072EF984-3F4F-44ED-BFE4-78E063B474BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAD39775-38AC-439A-96F4-7DAD9A2E1537\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC62B752-36D4-4F2F-ACA0-4D693FC6315C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*\",\"matchCriteriaId\":\"239431AD-427E-40C9-9DEA-F4B2B8734529\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*\",\"matchCriteriaId\":\"40E8F365-0C9D-473F-A5F6-E05872B3A925\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*\",\"matchCriteriaId\":\"597A3F8A-1538-4B71-8D4D-2966F49E023B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2991483-7274-4FA9-AA96-7BD0C2715FCC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*\",\"matchCriteriaId\":\"23CA58A4-64A3-47B7-A4A0-8A6D9513A16C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*\",\"matchCriteriaId\":\"22A27D18-8022-4B5C-9314-A087674C14A6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*\",\"matchCriteriaId\":\"C11B36AB-043E-4DE8-AFCC-92E3092C0E26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*\",\"matchCriteriaId\":\"39FEF22E-F568-40E6-8BBF-D52600DE082D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D9DF278-ECE1-4530-BCE4-95266340BE47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*\",\"matchCriteriaId\":\"11649A08-A14B-46C8-97DB-9EB5FB7BF25B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*\",\"matchCriteriaId\":\"D23782A1-EA7E-4B22-8943-F69510673CBA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7B5F773-EC27-475A-ADE3-E4A33D1DFA64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*\",\"matchCriteriaId\":\"60D7B24F-0075-4362-9F07-A0C55F07FA9F\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"11AA0180-8172-4021-AADF-7BAB1CA1BA96\"}]}]}],\"references\":[{\"url\":\"https://www.fatpipeinc.com/support/cve-list.php\",\"source\":\"cret@cert.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ic3.gov/Media/News/2021/211117-2.pdf\",\"source\":\"cret@cert.org\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"https://www.fatpipeinc.com/support/cve-list.php\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.ic3.gov/Media/News/2021/211117-2.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Mitigation\",\"Third Party Advisory\",\"US Government Resource\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.fatpipeinc.com/support/cve-list.php\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.ic3.gov/Media/News/2021/211117-2.pdf\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T21:33:15.927Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-27860\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-02-04T19:32:03.032241Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2022-01-10\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27860\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-434\", \"description\": \"CWE-434 Unrestricted Upload of File with Dangerous Type\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-02-04T19:32:13.974Z\"}}], \"cna\": {\"title\": \"Arbitrary file upload vulnerability in FatPipe software\", \"source\": {\"advisory\": \"FPSA006\", \"discovery\": \"USER\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"FatPipe\", \"product\": \"WARP\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1\", \"lessThan\": \"10.1.2r60p92\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.2\", \"lessThan\": \"10.2.2r44p1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"FatPipe\", \"product\": \"IPVPN\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1\", \"lessThan\": \"10.1.2r60p92\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.2\", \"lessThan\": \"10.2.2r44p1\", \"versionType\": \"custom\"}]}, {\"vendor\": \"FatPipe\", \"product\": \"MPVPN\", \"versions\": [{\"status\": \"affected\", \"version\": \"10.1\", \"lessThan\": \"10.1.2r60p92\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"10.2\", \"lessThan\": \"10.2.2r44p1\", \"versionType\": \"custom\"}]}], \"datePublic\": \"2021-11-16T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.fatpipeinc.com/support/cve-list.php\"}, {\"url\": \"https://www.ic3.gov/Media/News/2021/211117-2.pdf\"}], \"x_generator\": {\"engine\": \"cveClient/1.0.15\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.\"}], \"providerMetadata\": {\"orgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"shortName\": \"certcc\", \"dateUpdated\": \"2023-10-13T15:04:56.650Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, \"source\": {\"advisory\": \"FPSA006\", \"discovery\": \"USER\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_name\": \"10.1\", \"version_value\": \"10.1.2r60p92\", \"version_affected\": \"\u003c\"}, {\"version_name\": \"10.2\", \"version_value\": \"10.2.2r44p1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"WARP\"}, {\"version\": {\"version_data\": [{\"version_name\": \"10.1\", \"version_value\": \"10.1.2r60p92\", \"version_affected\": \"\u003c\"}, {\"version_name\": \"10.2\", \"version_value\": \"10.2.2r44p1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"IPVPN\"}, {\"version\": {\"version_data\": [{\"version_name\": \"10.1\", \"version_value\": \"10.1.2r60p92\", \"version_affected\": \"\u003c\"}, {\"version_name\": \"10.2\", \"version_value\": \"10.2.2r44p1\", \"version_affected\": \"\u003c\"}]}, \"product_name\": \"MPVPN\"}]}, \"vendor_name\": \"FatPipe\"}]}}, \"data_type\": \"CVE\", \"generator\": {\"engine\": \"Vulnogram 0.0.9\"}, \"references\": {\"reference_data\": [{\"url\": \"https://www.fatpipeinc.com/support/cve-list.php\", \"name\": \"https://www.fatpipeinc.com/support/cve-list.php\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.ic3.gov/Media/News/2021/211117-2.pdf\", \"name\": \"https://www.ic3.gov/Media/News/2021/211117-2.pdf\", \"refsource\": \"MISC\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.\"}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2021-27860\", \"STATE\": \"PUBLIC\", \"TITLE\": \"Arbitrary file upload vulnerability in FatPipe software\", \"ASSIGNER\": \"cert@cert.org\", \"DATE_PUBLIC\": \"2021-11-16T00:00:00.000Z\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2021-27860\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-02-04T19:32:18.487Z\", \"dateReserved\": \"2021-03-01T00:00:00.000Z\", \"assignerOrgId\": \"37e5125f-f79b-445b-8fad-9564f167944b\", \"datePublished\": \"2021-12-08T16:15:48.319Z\", \"assignerShortName\": \"certcc\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.