fkie_nvd - fkie_cve-2021-27856

FKIE_CVE-2021-27856

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58

Severity ?

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.

References

URL	Tags
cret@cert.org	https://www.fatpipeinc.com/support/cve-list.php	Vendor Advisory
cret@cert.org	https://www.zeroscience.mk/codes/fatpipe_backdoor.txt	Third Party Advisory
cret@cert.org	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.fatpipeinc.com/support/cve-list.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zeroscience.mk/codes/fatpipe_backdoor.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php	Third Party Advisory

Impacted products

Vendor	Product	Version
fatpipeinc	ipvpn_firmware	5.2.0
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	7.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn	-
fatpipeinc	mpvpn_firmware	5.2.0
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	7.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn	-
fatpipeinc	warp_firmware	5.2.0
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	7.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
    },
    {
      "lang": "es",
      "value": "El software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, incluye una cuenta llamada \"cmuser\" que tiene privilegios administrativos y no presenta contrase\u00f1a. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA002"
    }
  ],
  "id": "CVE-2021-27856",
  "lastModified": "2024-11-21T05:58:38.990",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:08.003",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-27856 (GCVE-0-2021-27856)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-17 01:31

Title

FatPipe software administrative account with no password

Summary

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Default administrative account with no password

Assigner

certcc

References

URL

Tags

	https://www.zeroscience.mk/en/vulnerabilities/ZSL…	x_refsource_MISC
	https://www.fatpipeinc.com/support/cve-list.php	x_refsource_CONFIRM
	https://www.zeroscience.mk/codes/fatpipe_backdoor.txt	x_refsource_MISC

Impacted products

Vendor

Product

Version

FatPipe

WARP

Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)

	FatPipe	IPVPN	Affected: 10.1 , < 10.1.2r60p91 (custom) Affected: 10.2 , < 10.2.2r42 (custom)
	FatPipe	MPVPN	Affected: 10.1 , < 10.1.2r60p91 (custom) Affected: 10.2 , < 10.2.2r42 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:15.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Default administrative account with no password",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:47",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
        }
      ],
      "source": {
        "advisory": "FPSA002",
        "discovery": "EXTERNAL"
      },
      "title": "FatPipe software administrative account with no password",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27856",
          "STATE": "PUBLIC",
          "TITLE": "FatPipe software administrative account with no password"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named \"cmuser\" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Default administrative account with no password"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_backdoor.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA002",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27856",
    "datePublished": "2021-12-15T16:14:47.938619Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T01:31:27.972Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2021-27856

CVE-2021-27856 (GCVE-0-2021-27856)

Tags

Sightings

Nomenclature