Transcription
CVE-2021-27858Published on: 12/15/2021 12:00:00 AM UTCLast Modified on: 12/21/2021 01:53:00 PM UTCCVE-2021-27858 - advisory for FPSA004Source: MitreSource: NistPrint: PDFCertain versions of Ipvpn from Fatpipeinc contain the followingvulnerability:A missing authorization vulnerability in the web management interfaceof FatPipe WARP, IPVPN, and MPVPN software prior to versions10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at leastthe URL "/fpui/jsp/index.jsp" leading to unknown impact, presumablysome violation of confidentiality. Older versions of FatPipe softwaremay also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.CVE-2021-27858 has been assigned byCVSS3 Score:MEDIUMseverity.5.3 - yImpactUNCHANGEDCVSS2 Score:cert@cert.org to track the vulnerability - currently rated 5 - mpactAvailabilityImpactNONENONECVE ReferencesDescriptionTechnical Support - FatPipe NetworksTagswww.fatpipeinc.comtext/htmlLinkCONFIRM www.fatpipeinc.com/support/cvelist.php
text/htmlZero Science Lab ยป FatPipe Networks WARP 10.2.2Authorization ce.mk/en/vulnerabilities/ZSL-20215682.phpMISC www.zeroscience.mk/codes/fatpipe auth.txtwww.zeroscience.mktext/plainBy selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information thatwould be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites thatare more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further,CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages tocomment@cve.report.There are currently no QIDs associated with this CVEKnown Affected Configurations (CPE tpipeincIpvpn cIpvpn cIpvpn cIpvpn cIpvpn cIpvpn cIpvpn cIpvpn incIpvpn cIpvpn cIpvpn cIpvpn vpn vpn vpn Firmware5.2.0r34AllAll
SystemOperatingSystemFatpipeincIpvpn Ipvpn ncIpvpn ncIpvpn pn vpn vpn vpn vpn cIpvpn cIpvpn cIpvpn Ipvpn cIpvpn cIpvpn Ipvpn vpn Ipvpn Ipvpn vpn Ipvpn AllAllOperatingSystemFatpipeincMpvpn Firmware10.1.2r60p10AllAll
OperatingSystemFatpipeincMpvpn cMpvpn cMpvpn cMpvpn cMpvpn cMpvpn cMpvpn incMpvpn cMpvpn cMpvpn cMpvpn vpn vpn vpn pn Mpvpn ncMpvpn ncMpvpn pn vpn vpn vpn vpn Firmware9.1.2r161p12AllAll
OperatingSystemFatpipeincMpvpn cMpvpn cMpvpn Mpvpn cMpvpn cMpvpn Mpvpn vpn Mpvpn Mpvpn vpn Mpvpn llAllOperatingSystemFatpipeincWarp cWarp cWarp cWarp cWarp cWarp cWarp cWarp incWarp cWarp Firmware10.1.2r60p71AllAllOperatingFatpipeincWarp Firmware10.1.2r60p82AllAll
OperatingSystemFatpipeincWarp cWarp rp rp rp p Warp ncWarp ncWarp p rp rp rp rp cWarp cWarp cWarp Warp cWarp cWarp Warp rp Warp Firmware9.1.2r164p5AllAll
OperatingSystemFatpipeincWarp rp Warp -:*:*:*:*:*:*:*:cpe:2.3:o:fatpipeinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn pipeinc:ipvpn peinc:ipvpn peinc:ipvpn peinc:ipvpn nc:ipvpn nc:ipvpn nc:ipvpn c:ipvpn einc:ipvpn ipeinc:ipvpn ipeinc:ipvpn c:ipvpn nc:ipvpn nc:ipvpn nc:ipvpn nc:ipvpn firmware:9.1.2:r161p12:*:*:*:*:*:*:
cpe:2.3:o:fatpipeinc:ipvpn peinc:ipvpn peinc:ipvpn einc:ipvpn peinc:ipvpn peinc:ipvpn einc:ipvpn nc:ipvpn einc:ipvpn einc:ipvpn nc:ipvpn einc:ipvpn n peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn pipeinc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn nc:mpvpn nc:mpvpn nc:mpvpn firmware:5.2.0:r34:*:*:*:*:*:*:
cpe:2.3:o:fatpipeinc:mpvpn einc:mpvpn ipeinc:mpvpn ipeinc:mpvpn c:mpvpn nc:mpvpn nc:mpvpn nc:mpvpn nc:mpvpn peinc:mpvpn peinc:mpvpn peinc:mpvpn einc:mpvpn peinc:mpvpn peinc:mpvpn einc:mpvpn nc:mpvpn einc:mpvpn einc:mpvpn nc:mpvpn einc:mpvpn nc:warp:-:*:*:*:*:*:*:*:cpe:2.3:o:fatpipeinc:warp peinc:warp peinc:warp peinc:warp peinc:warp peinc:warp peinc:warp firmware:10.1.2:r60p58:*:*:*:*:*:*:
cpe:2.3:o:fatpipeinc:warp pipeinc:warp peinc:warp peinc:warp peinc:warp nc:warp nc:warp nc:warp c:warp einc:warp ipeinc:warp ipeinc:warp c:warp nc:warp nc:warp nc:warp nc:warp peinc:warp peinc:warp peinc:warp einc:warp peinc:warp peinc:warp einc:warp nc:warp einc:warp einc:warp nc:warp firmware:9.1.2:r180p2:*:*:*:*:*:*:
cpe:2.3:o:fatpipeinc:warp firmware:9.1.2:r185:*:*:*:*:*:*:No vendor comments have been submitted for this CVESocial MentionsSource/r/netcveTitlePosted (UTC)CVE-2021-278582021-12-1518:38:30 Previous IDNext ID CVE.report 2022 Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard tothis information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy,completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANYconsequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. Thissite will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE website. This site includes MITRE data granted under the following license.CVE.report and Source URL Uptime Status status.cve.report
of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this .
