fkie_nvd - fkie_cve-2021-27859

FKIE_CVE-2021-27859

Vulnerability from fkie_nvd - Published: 2021-12-15 20:15 - Updated: 2024-11-21 05:58

Severity ?

8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

References

URL	Tags
cret@cert.org	https://www.fatpipeinc.com/support/cve-list.php	Vendor Advisory
cret@cert.org	https://www.zeroscience.mk/codes/fatpipe_csrf.txt	Third Party Advisory
cret@cert.org	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.fatpipeinc.com/support/cve-list.php	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zeroscience.mk/codes/fatpipe_csrf.txt	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php	Third Party Advisory

Impacted products

Vendor	Product	Version
fatpipeinc	ipvpn_firmware	5.2.0
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	6.1.2
fatpipeinc	ipvpn_firmware	7.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	9.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.1.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn_firmware	10.2.2
fatpipeinc	ipvpn	-
fatpipeinc	mpvpn_firmware	5.2.0
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	6.1.2
fatpipeinc	mpvpn_firmware	7.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	9.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.1.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn_firmware	10.2.2
fatpipeinc	mpvpn	-
fatpipeinc	warp_firmware	5.2.0
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	6.1.2
fatpipeinc	warp_firmware	7.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	9.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.1.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp_firmware	10.2.2
fatpipeinc	warp	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*",
              "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*",
              "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*",
              "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*",
              "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*",
              "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*",
              "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*",
              "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*",
              "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*",
              "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*",
              "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*",
              "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*",
              "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*",
              "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*",
              "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*",
              "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*",
              "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*",
              "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*",
              "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*",
              "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*",
              "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*",
              "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*",
              "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*",
              "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*",
              "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*",
              "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*",
              "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*",
              "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*",
              "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*",
              "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*",
              "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*",
              "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*",
              "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*",
              "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*",
              "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*",
              "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de autorizaci\u00f3n ausente en la interfaz de administraci\u00f3n web del software FatPipe WARP, IPVPN y MPVPN versiones anteriores a 10.1.2r60p91 y 10.2.2r42, permite a un atacante remoto autenticado con privilegios de s\u00f3lo lectura crear una cuenta con privilegios administrativos. Las versiones m\u00e1s antiguas del software FatPipe tambi\u00e9n pueden ser vulnerables. Esto no parece ser una vulnerabilidad de tipo CSRF. El identificador de asesoramiento de FatPipe para esta vulnerabilidad es FPSA005"
    }
  ],
  "id": "CVE-2021-27859",
  "lastModified": "2024-11-21T05:58:39.460",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "cret@cert.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-15T20:15:08.163",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.fatpipeinc.com/support/cve-list.php"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cret@cert.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2021-27859 (GCVE-0-2021-27859)

Vulnerability from cvelistv5 – Published: 2021-12-15 16:14 – Updated: 2024-09-16 21:07

Title

Missing authorization vulnerability in FatPipe software

Summary

Severity ?

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-862 - Missing Authorization

Assigner

certcc

References

URL

Tags

	https://www.zeroscience.mk/en/vulnerabilities/ZSL…	x_refsource_MISC
	https://www.fatpipeinc.com/support/cve-list.php	x_refsource_CONFIRM
	https://www.zeroscience.mk/codes/fatpipe_csrf.txt	x_refsource_MISC

Impacted products

Vendor

Product

Version

FatPipe

WARP

Affected: 10.1 , < 10.1.2r60p91 (custom)
Affected: 10.2 , < 10.2.2r42 (custom)

	FatPipe	IPVPN	Affected: 10.1 , < 10.1.2r60p91 (custom) Affected: 10.2 , < 10.2.2r42 (custom)
	FatPipe	MPVPN	Affected: 10.1 , < 10.1.2r60p91 (custom) Affected: 10.2 , < 10.2.2r42 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T21:33:16.357Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.fatpipeinc.com/support/cve-list.php"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WARP",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "IPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "MPVPN",
          "vendor": "FatPipe",
          "versions": [
            {
              "lessThan": "10.1.2r60p91",
              "status": "affected",
              "version": "10.1",
              "versionType": "custom"
            },
            {
              "lessThan": "10.2.2r42",
              "status": "affected",
              "version": "10.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2021-09-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-15T16:14:50",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.fatpipeinc.com/support/cve-list.php"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
        }
      ],
      "source": {
        "advisory": "FPSA005",
        "discovery": "EXTERNAL"
      },
      "title": "Missing authorization vulnerability in FatPipe software",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "DATE_PUBLIC": "2021-09-27T00:00:00.000Z",
          "ID": "CVE-2021-27859",
          "STATE": "PUBLIC",
          "TITLE": "Missing authorization vulnerability in FatPipe software"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WARP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "IPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "MPVPN",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.1",
                            "version_value": "10.1.2r60p91"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "10.2",
                            "version_value": "10.2.2r42"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FatPipe"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-862: Missing Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php"
            },
            {
              "name": "https://www.fatpipeinc.com/support/cve-list.php",
              "refsource": "CONFIRM",
              "url": "https://www.fatpipeinc.com/support/cve-list.php"
            },
            {
              "name": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt",
              "refsource": "MISC",
              "url": "https://www.zeroscience.mk/codes/fatpipe_csrf.txt"
            }
          ]
        },
        "source": {
          "advisory": "FPSA005",
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2021-27859",
    "datePublished": "2021-12-15T16:14:50.125637Z",
    "dateReserved": "2021-03-01T00:00:00",
    "dateUpdated": "2024-09-16T21:07:27.520Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

FKIE_CVE-2021-27859

CVE-2021-27859 (GCVE-0-2021-27859)

Tags

Sightings

Nomenclature