CVE-2021-27859 - CVE.report


CVE-2021-27859

Published on: 12/15/2021 12:00:00 AM UTC
Last Modified on: 12/21/2021 01:26:00 PM UTC
CVE-2021-27859 - advisory for FPSA005
Source: Mitre
Source: Nist

Certain versions of Ipvpn from Fatpipeinc contain the following vulnerability:

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

CVE-2021-27859 has been assigned by cert@cert.org to track the vulnerability - currently rated HIGH severity.

CVSS3 Score: 8.8
CVSS2 Score: 6.5 (Availability Impact: PARTIAL)

CVE References

Description: Technical Support - FatPipe Networks
Tags: CONFIRM
Link: Technical Support - FatPipe Networks, www.fatpipeinc.com (text/html)

Description: No Description Provided
Link: Zero Science Lab » FatPipe Networks WARP/IPVPN/MPVPN 10.2.2 CSRF Add Admin, www.zeroscience.mk (text/html), mk/codes/fatpipe ZSL2021-5681.php

There are currently no QIDs associated with this CVE.

Known Affected Configurations (CPE): Fatpipeinc Ipvpn, Mpvpn and Warp firmware

No vendor comments have been submitted for this CVE.

Social Mentions

Source: /r/netcve
Title: CVE-2021-27859
Posted (UTC): 2021-12-15 18:38:31
