Transcription
CVE-2021-27855Published on: 12/15/2021 12:00:00 AM UTCLast Modified on: 07/29/2022 02:07:00 PM UTCCVE-2021-27855 - advisory for FPSA001Source: MitreSource: NistPrint: PDFCertain versions of Ipvpn from Fatpipeinc contain the followingvulnerability:FatPipe WARP, IPVPN, and MPVPN software prior to versions10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attackerwith read-only privileges to grant themselves administrative privileges.Older versions of FatPipe software may also be vulnerable. TheFatPipe advisory identifier for this vulnerability is FPSA001.CVE-2021-27855 has been assigned byCVSS3 Score:HIGHseverity.8.8 - pactUNCHANGEDCVSS2 Score:cert@cert.org to track the vulnerability - currently rated H6.5 - yImpactAvailabilityImpactPARTIALPARTIALCVE pythonTechnical Support - FatPipe mk/codes/fatpipe privesc.txtCONFIRM
Technical Support - FatPipe Networkswww.fatpipeinc.comtext/htmlZero Science Lab ยป FatPipe Networks WARP/IPVPN/MPVPN 10.2.2Remote Privilege ce.mk/en/vulnerabilities/ZSL2021-5685.phpBy selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information thatwould be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites thatare more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages tocomment@cve.report.There are currently no QIDs associated with this CVEKnown Affected Configurations (CPE tpipeincIpvpn cIpvpn cIpvpn cIpvpn cIpvpn cIpvpn cIpvpn cIpvpn incIpvpn cIpvpn cIpvpn cIpvpn vpn vpn vpn Firmware5.2.0r34AllAllOperatingFatpipeincIpvpn Firmware6.1.2r70p26AllAll
OperatingSystemFatpipeincIpvpn Ipvpn ncIpvpn ncIpvpn pn vpn vpn vpn vpn cIpvpn cIpvpn cIpvpn Ipvpn cIpvpn cIpvpn Ipvpn vpn Ipvpn Ipvpn vpn Ipvpn Firmware9.1.2r185AllAllHardwareFatpipeincMpvpn Firmware-AllAllAllOperatingSystemFatpipeincMpvpn Firmware10.1.2r60p10AllAllOperatingFatpipeincMpvpn Firmware10.1.2r60p13AllAll
SystemOperatingSystemFatpipeincMpvpn cMpvpn cMpvpn cMpvpn cMpvpn cMpvpn incMpvpn cMpvpn cMpvpn cMpvpn vpn vpn vpn pn Mpvpn ncMpvpn ncMpvpn pn vpn vpn vpn vpn Firmware9.1.2r161p12AllAllOperatingFatpipeincMpvpn Firmware9.1.2r161p16AllAll
SystemOperatingSystemFatpipeincMpvpn cMpvpn Mpvpn cMpvpn cMpvpn Mpvpn vpn Mpvpn Mpvpn vpn Mpvpn Firmware9.1.2r185AllAllHardwareFatpipeincWarp Firmware-AllAllAllOperatingSystemFatpipeincWarp cWarp cWarp cWarp cWarp cWarp cWarp cWarp incWarp cWarp cWarp Firmware10.1.2r60p82AllAll
SystemOperatingSystemFatpipeincWarp rp rp rp p Warp ncWarp ncWarp p rp rp rp rp cWarp cWarp cWarp Warp cWarp cWarp Warp rp Warp Warp Firmware9.1.2r165AllAll
SystemOperatingSystemFatpipeincWarp Warp -:*:*:*:*:*:*:*:cpe:2.3:o:fatpipeinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn pipeinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn nc:ipvpn nc:ipvpn nc:ipvpn c:ipvpn einc:ipvpn ipeinc:ipvpn ipeinc:ipvpn c:ipvpn nc:ipvpn nc:ipvpn nc:ipvpn nc:ipvpn peinc:ipvpn firmware:9.1.2:r161p16:*:*:*:*:*:*:
cpe:2.3:o:fatpipeinc:ipvpn peinc:ipvpn peinc:ipvpn einc:ipvpn peinc:ipvpn peinc:ipvpn einc:ipvpn nc:ipvpn einc:ipvpn einc:ipvpn nc:ipvpn einc:ipvpn nc:mpvpn n peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn pipeinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn nc:mpvpn nc:mpvpn nc:mpvpn c:mpvpn firmware:6.1.2:r70p26:*:*:*:*:*:*:
cpe:2.3:o:fatpipeinc:mpvpn ipeinc:mpvpn ipeinc:mpvpn c:mpvpn nc:mpvpn nc:mpvpn nc:mpvpn nc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn einc:mpvpn peinc:mpvpn peinc:mpvpn einc:mpvpn nc:mpvpn einc:mpvpn einc:mpvpn nc:mpvpn einc:mpvpn nc:warp firmware:-:*:*:*:*:*:*:*:cpe:2.3:o:fatpipeinc:warp peinc:warp peinc:warp peinc:warp peinc:warp peinc:warp peinc:warp peinc:warp firmware:10.1.2:r60p58s1:*:*:*:*:*:*:
cpe:2.3:o:fatpipeinc:warp pipeinc:warp peinc:warp peinc:warp peinc:warp nc:warp nc:warp nc:warp c:warp einc:warp ipeinc:warp ipeinc:warp c:warp nc:warp nc:warp nc:warp nc:warp peinc:warp peinc:warp peinc:warp einc:warp peinc:warp peinc:warp einc:warp nc:warp einc:warp einc:warp nc:warp einc:warp firmware:9.1.2:r185:*:*:*:*:*:*:
No vendor comments have been submitted for this CVESocial MentionsSource/r/netcveTitlePosted (UTC)CVE-2021-278552021-12-1518:38:27 Previous IDNext ID CVE.report 2022 Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard tothis information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy,completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANYconsequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. Thissite will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE website. This site includes MITRE data granted under the following license.CVE.report and Source URL Uptime Status status.cve.report
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001. CVE References
