Search criteria

18 vulnerabilities found for ipvpn_firmware by fatpipeinc

FKIE_CVE-2021-27857

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
References
cret@cert.orghttps://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
cret@cert.orghttps://www.zeroscience.mk/codes/fatpipe_configdl.txtThird Party Advisory
cret@cert.orghttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.phpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/codes/fatpipe_configdl.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.phpThird Party Advisory
Impacted products
Vendor Product Version
fatpipeinc ipvpn_firmware 5.2.0
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 7.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn -
fatpipeinc mpvpn_firmware 5.2.0
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 7.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn -
fatpipeinc warp_firmware 5.2.0
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 7.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de falta de autorizaci\u00f3n en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto no autenticado descargar un archivo de configuraci\u00f3n. El atacante necesita conocer o adivinar correctamente el nombre de host del sistema de destino, ya que el nombre de host es usado como parte del nombre del archivo de configuraci\u00f3n. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA003"
    }
  ],
  "id": "CVE-2021-27857",
  "lastModified": "2024-11-21T05:58:39.150",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:08.057",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-27856

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
References
cret@cert.orghttps://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
cret@cert.orghttps://www.zeroscience.mk/codes/fatpipe_backdoor.txtThird Party Advisory
cret@cert.orghttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.phpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/codes/fatpipe_backdoor.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.phpThird Party Advisory
Impacted products
Vendor Product Version
fatpipeinc ipvpn_firmware 5.2.0
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 7.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn -
fatpipeinc mpvpn_firmware 5.2.0
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 7.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn -
fatpipeinc warp_firmware 5.2.0
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 7.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
    },
    {
      "lang": "es",
      "value": "El software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, incluye una cuenta llamada \"cmuser\" que tiene privilegios administrativos y no presenta contrase\u00f1a. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA002"
    }
  ],
  "id": "CVE-2021-27856",
  "lastModified": "2024-11-21T05:58:38.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:08.003",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-27859

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
References
cret@cert.orghttps://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
cret@cert.orghttps://www.zeroscience.mk/codes/fatpipe_csrf.txtThird Party Advisory
cret@cert.orghttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.phpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/codes/fatpipe_csrf.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.phpThird Party Advisory
Impacted products
Vendor Product Version
fatpipeinc ipvpn_firmware 5.2.0
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 7.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn -
fatpipeinc mpvpn_firmware 5.2.0
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 7.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn -
fatpipeinc warp_firmware 5.2.0
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 7.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de autorizaci\u00f3n ausente en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto autenticado con privilegios de s\u00f3lo lectura crear una cuenta con privilegios administrativos. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. Esto no parece ser una vulnerabilidad de tipo CSRF. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA005"
    }
  ],
  "id": "CVE-2021-27859",
  "lastModified": "2024-11-21T05:58:39.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:08.163",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-27858

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.
References
cret@cert.orghttps://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
cret@cert.orghttps://www.zeroscience.mk/codes/fatpipe_auth.txtThird Party Advisory
cret@cert.orghttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.phpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/codes/fatpipe_auth.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.phpThird Party Advisory
Impacted products
Vendor Product Version
fatpipeinc ipvpn_firmware 5.2.0
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 7.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn -
fatpipeinc mpvpn_firmware 5.2.0
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 7.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn -
fatpipeinc warp_firmware 5.2.0
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 7.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de falta de autorizaci\u00f3n en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto acceder al menos a la URL \"/fpui/jsp/index.jsp\", conllevando a un impacto desconocido, presumiblemente alguna violaci\u00f3n de la confidencialidad. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA004"
    }
  ],
  "id": "CVE-2021-27858",
  "lastModified": "2024-11-21T05:58:39.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:08.110",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-27855

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
References
cret@cert.orghttps://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
cret@cert.orghttps://www.zeroscience.mk/codes/fatpipe_privesc.txtThird Party Advisory
cret@cert.orghttps://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.phpThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/codes/fatpipe_privesc.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.phpThird Party Advisory
Impacted products
Vendor Product Version
fatpipeinc ipvpn_firmware 5.2.0
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 7.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn -
fatpipeinc warp_firmware 5.2.0
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 7.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp -
fatpipeinc mpvpn_firmware 5.2.0
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 7.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn -
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
    },
    {
      "lang": "es",
      "value": "El software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto y autenticado con privilegios de s\u00f3lo lectura concederse privilegios administrativos. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA001"
    }
  ],
  "id": "CVE-2021-27855",
  "lastModified": "2024-11-21T05:58:38.793",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:07.940",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2021-27860

Vulnerability from fkie_nvd - Published: 2021-12-08 17:15 - Updated: 2025-10-24 14:13
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
References
cret@cert.orghttps://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
cret@cert.orghttps://www.ic3.gov/Media/News/2021/211117-2.pdfExploit, Mitigation, Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.fatpipeinc.com/support/cve-list.phpVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.ic3.gov/Media/News/2021/211117-2.pdfExploit, Mitigation, Third Party Advisory, US Government Resource
134c704f-9b21-4f2e-91b3-4a467353bcc0https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860US Government Resource
Impacted products
Vendor Product Version
fatpipeinc ipvpn_firmware 5.2.0
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 6.1.2
fatpipeinc ipvpn_firmware 7.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 9.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.1.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn_firmware 10.2.2
fatpipeinc ipvpn -
fatpipeinc warp_firmware 5.2.0
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 6.1.2
fatpipeinc warp_firmware 7.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 9.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.1.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp_firmware 10.2.2
fatpipeinc warp -
fatpipeinc mpvpn_firmware 5.2.0
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 6.1.2
fatpipeinc mpvpn_firmware 7.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 9.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.1.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn_firmware 10.2.2
fatpipeinc mpvpn -
To clipboard 

{
  "cisaActionDue": "2022-01-24",
  "cisaExploitAdd": "2022-01-10",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web del software FatPipe WARP, IPVPN y MPVPN anterior a las versiones 10.1.2r60p92 y 10.2.2r44p1 permite a un atacante remoto no autentificado cargar un archivo en cualquier ubicaci\u00f3n del sistema de archivos. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA006"
    }
  ],
  "id": "CVE-2021-27860",
  "lastModified": "2025-10-24T14:13:36.940",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-08T17:15:10.800",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-434"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

CVE-2021-27859 (GCVE-0-2021-27859)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-16 21:07
VLAI?
Title
Missing authorization vulnerability in FatPipe software
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:50",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
        }
      ],
      "source": {
        "advisory": "FPSA005",
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization vulnerability in FatPipe software",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27859",
          "STATE": "PUBLIC",
          "TITLE": "Missing authorization vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA005",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27859",
    "datePublished": "2021-12-15T16:14:50.125637Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-16T21:07:27.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27858 (GCVE-0-2021-27858)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-17 01:16
VLAI?
Title
Missing authorization vulnerability in FatPipe software
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:49",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
        }
      ],
      "source": {
        "advisory": "FPSA004",
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization vulnerability in FatPipe software",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27858",
          "STATE": "PUBLIC",
          "TITLE": "Missing authorization vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_auth.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA004",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27858",
    "datePublished": "2021-12-15T16:14:49.376874Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T01:16:55.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27857 (GCVE-0-2021-27857)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-17 04:29
VLAI?
Title
FatPipe software allows unauthenticated configuration download
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:48",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
        }
      ],
      "source": {
        "advisory": "FPSA003",
        "discovery": "EXTERNAL"
      },
      "title": "FatPipe software allows unauthenticated configuration download",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27857",
          "STATE": "PUBLIC",
          "TITLE": "FatPipe software allows unauthenticated configuration download"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27857",
    "datePublished": "2021-12-15T16:14:48.650988Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T04:29:07.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27855 (GCVE-0-2021-27855)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-17 02:42
VLAI?
Title
FatPipe software allows privilege escalation
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:17.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:47",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
        }
      ],
      "source": {
        "advisory": "FPSA001",
        "discovery": "EXTERNAL"
      },
      "title": "FatPipe software allows privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27855",
          "STATE": "PUBLIC",
          "TITLE": "FatPipe software allows privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA001",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27855",
    "datePublished": "2021-12-15T16:14:47.069558Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T02:42:43.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27856 (GCVE-0-2021-27856)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-17 01:31
VLAI?
Title
FatPipe software administrative account with no password
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • Default administrative account with no password
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Default administrative account with no password",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:47",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
        }
      ],
      "source": {
        "advisory": "FPSA002",
        "discovery": "EXTERNAL"
      },
      "title": "FatPipe software administrative account with no password",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27856",
          "STATE": "PUBLIC",
          "TITLE": "FatPipe software administrative account with no password"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Default administrative account with no password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA002",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27856",
    "datePublished": "2021-12-15T16:14:47.938619Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T01:31:27.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27860 (GCVE-0-2021-27860)

Vulnerability from cvelistv5 – Published: 2021-12-08 16:15 – Updated: 2025-10-21 23:25
VLAI?
Title
Arbitrary file upload vulnerability in FatPipe software
Summary
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p92 (custom)
Affected: 10.2 , < 10.2.2r44p1 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p92 (custom)
Affected: 10.2 , < 10.2.2r44p1 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p92 (custom)
Affected: 10.2 , < 10.2.2r44p1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27860",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:32:03.032241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-01-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:23.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-10T00:00:00+00:00",
            "value": "CVE-2021-27860 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p92",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r44p1",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p92",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r44p1",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p92",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r44p1",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T15:04:56.650Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
        }
      ],
      "source": {
        "advisory": "FPSA006",
        "discovery": "USER"
      },
      "title": "Arbitrary file upload vulnerability in FatPipe software",
      "x_generator": {
        "engine": "cveClient/1.0.15"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-11-16T00:00:00.000Z",
          "ID": "CVE-2021-27860",
          "STATE": "PUBLIC",
          "TITLE": "Arbitrary file upload vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p92"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r44p1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p92"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r44p1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p92"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r44p1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.ic3.gov/Media/News/2021/211117-2.pdf",
              "refsource": "MISC",
              "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
            }
          ]
        },
        "source": {
          "advisory": "FPSA006",
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27860",
    "datePublished": "2021-12-08T16:15:48.319Z",
    "dateReserved": "2021-03-01T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:23.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27859 (GCVE-0-2021-27859)

Vulnerability from nvd – Published: 2021-12-15 16:14 – Updated: 2024-09-16 21:07
VLAI?
Title
Missing authorization vulnerability in FatPipe software
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:50",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
        }
      ],
      "source": {
        "advisory": "FPSA005",
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization vulnerability in FatPipe software",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27859",
          "STATE": "PUBLIC",
          "TITLE": "Missing authorization vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA005",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27859",
    "datePublished": "2021-12-15T16:14:50.125637Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-16T21:07:27.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27858 (GCVE-0-2021-27858)

Vulnerability from nvd – Published: 2021-12-15 16:14 – Updated: 2024-09-17 01:16
VLAI?
Title
Missing authorization vulnerability in FatPipe software
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.
Severity ?
5.3 (Medium)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:49",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
        }
      ],
      "source": {
        "advisory": "FPSA004",
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization vulnerability in FatPipe software",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27858",
          "STATE": "PUBLIC",
          "TITLE": "Missing authorization vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_auth.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA004",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27858",
    "datePublished": "2021-12-15T16:14:49.376874Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T01:16:55.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27857 (GCVE-0-2021-27857)

Vulnerability from nvd – Published: 2021-12-15 16:14 – Updated: 2024-09-17 04:29
VLAI?
Title
FatPipe software allows unauthenticated configuration download
Summary
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
Severity ?
7.5 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.878Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:48",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
        }
      ],
      "source": {
        "advisory": "FPSA003",
        "discovery": "EXTERNAL"
      },
      "title": "FatPipe software allows unauthenticated configuration download",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27857",
          "STATE": "PUBLIC",
          "TITLE": "FatPipe software allows unauthenticated configuration download"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5683.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_configdl.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA003",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27857",
    "datePublished": "2021-12-15T16:14:48.650988Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T04:29:07.048Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27855 (GCVE-0-2021-27855)

Vulnerability from nvd – Published: 2021-12-15 16:14 – Updated: 2024-09-17 02:42
VLAI?
Title
FatPipe software allows privilege escalation
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:17.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:47",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
        }
      ],
      "source": {
        "advisory": "FPSA001",
        "discovery": "EXTERNAL"
      },
      "title": "FatPipe software allows privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27855",
          "STATE": "PUBLIC",
          "TITLE": "FatPipe software allows privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_privesc.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA001",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27855",
    "datePublished": "2021-12-15T16:14:47.069558Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T02:42:43.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27856 (GCVE-0-2021-27856)

Vulnerability from nvd – Published: 2021-12-15 16:14 – Updated: 2024-09-17 01:31
VLAI?
Title
FatPipe software administrative account with no password
Summary
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • Default administrative account with no password
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Default administrative account with no password",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:47",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
        }
      ],
      "source": {
        "advisory": "FPSA002",
        "discovery": "EXTERNAL"
      },
      "title": "FatPipe software administrative account with no password",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27856",
          "STATE": "PUBLIC",
          "TITLE": "FatPipe software administrative account with no password"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Default administrative account with no password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA002",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27856",
    "datePublished": "2021-12-15T16:14:47.938619Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T01:31:27.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2021-27860 (GCVE-0-2021-27860)

Vulnerability from nvd – Published: 2021-12-08 16:15 – Updated: 2025-10-21 23:25
VLAI?
Title
Arbitrary file upload vulnerability in FatPipe software
Summary
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-434 - Unrestricted Upload of File with Dangerous Type
Assigner
References
Impacted products
Vendor Product Version
FatPipe WARP Affected: 10.1 , < 10.1.2r60p92 (custom)
Affected: 10.2 , < 10.2.2r44p1 (custom)
Create a notification for this product.
    FatPipe IPVPN Affected: 10.1 , < 10.1.2r60p92 (custom)
Affected: 10.2 , < 10.2.2r44p1 (custom)
Create a notification for this product.
    FatPipe MPVPN Affected: 10.1 , < 10.1.2r60p92 (custom)
Affected: 10.2 , < 10.2.2r44p1 (custom)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-27860",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-04T19:32:03.032241Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2022-01-10",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-434",
                "description": "CWE-434 Unrestricted Upload of File with Dangerous Type",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:23.273Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2022-01-10T00:00:00+00:00",
            "value": "CVE-2021-27860 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p92",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r44p1",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p92",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r44p1",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p92",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r44p1",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-11-16T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-10-13T15:04:56.650Z",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
        }
      ],
      "source": {
        "advisory": "FPSA006",
        "discovery": "USER"
      },
      "title": "Arbitrary file upload vulnerability in FatPipe software",
      "x_generator": {
        "engine": "cveClient/1.0.15"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-11-16T00:00:00.000Z",
          "ID": "CVE-2021-27860",
          "STATE": "PUBLIC",
          "TITLE": "Arbitrary file upload vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p92"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r44p1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p92"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r44p1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p92"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r44p1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.ic3.gov/Media/News/2021/211117-2.pdf",
              "refsource": "MISC",
              "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"
            }
          ]
        },
        "source": {
          "advisory": "FPSA006",
          "discovery": "USER"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27860",
    "datePublished": "2021-12-08T16:15:48.319Z",
    "dateReserved": "2021-03-01T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:23.273Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}