fkie_nvd - fkie_cve-2021-27858

FKIE_CVE-2021-27858

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.

References

URL	Tags
cret@cert.org	https://www.fatpipeinc.com/support/cve-list.php	Vendor Advisory
cret@cert.org	https://www.zeroscience.mk/codes/fatpipe_auth.txt	Third Party Advisory
cret@cert.org	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.fatpipeinc.com/support/cve-list.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zeroscience.mk/codes/fatpipe_auth.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php	Third Party Advisory

Impacted products

Vendor	Product	Version
fatpipeinc	ipvpn_firmware	5.2.0
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	7.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn	-
fatpipeinc	mpvpn_firmware	5.2.0
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	7.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn	-
fatpipeinc	warp_firmware	5.2.0
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	7.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de falta de autorizaci\u00f3n en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto acceder al menos a la URL \"/fpui/jsp/index.jsp\", conllevando a un impacto desconocido, presumiblemente alguna violaci\u00f3n de la confidencialidad. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA004"
    }
  ],
  "id": "CVE-2021-27858",
  "lastModified": "2024-11-21T05:58:39.313",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:08.110",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-27858 (GCVE-0-2021-27858)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-17 01:16

Title

Missing authorization vulnerability in FatPipe software

Summary

Severity ?

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

CWE-862 - Missing Authorization

Assigner

certcc

References

URL

Tags

	https://www.zeroscience.mk/en/vulnerabilities/ZSL…	x_refsource_MISC
	https://www.fatpipeinc.com/support/cve-list.php	x_refsource_CONFIRM
	https://www.zeroscience.mk/codes/fatpipe_auth.txt	x_refsource_MISC

Impacted products

Vendor

Product

Version

FatPipe

WARP

Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)

	FatPipe	IPVPN	Affected: 10.1 , < 10.1.2r60p91 (custom) Affected: 10.2 , < 10.2.2r42 (custom)
	FatPipe	MPVPN	Affected: 10.1 , < 10.1.2r60p91 (custom) Affected: 10.2 , < 10.2.2r42 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.298Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:49",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
        }
      ],
      "source": {
        "advisory": "FPSA004",
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization vulnerability in FatPipe software",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27858",
          "STATE": "PUBLIC",
          "TITLE": "Missing authorization vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL \"/fpui/jsp/index.jsp\" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_auth.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_auth.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA004",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27858",
    "datePublished": "2021-12-15T16:14:49.376874Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-17T01:16:55.538Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2021-27858

CVE-2021-27858 (GCVE-0-2021-27858)

Tags

Sightings

Nomenclature