Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2021-27859
Analyzed
More InfoOfficial Page
Source-cret@cert.org
View Known Exploited Vulnerability (KEV) details
Published At-15 Dec, 2021 | 20:15
Updated At-21 Dec, 2021 | 13:26

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary2.06.5MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
CPE Matches
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>5.2.0
cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>6.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>6.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>6.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>7.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.1.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.2.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.2.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn_firmware>>10.2.2
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>ipvpn>>-
cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>5.2.0
cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>6.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>6.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>6.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>7.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*
fatpipeinc
fatpipeinc
>>mpvpn_firmware>>9.1.2
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-862Primarynvd@nist.gov
CWE-862Secondarycret@cert.org
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://www.fatpipeinc.com/support/cve-list.phpcret@cert.org
Vendor Advisory
https://www.zeroscience.mk/codes/fatpipe_csrf.txtcret@cert.org
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.phpcret@cert.org
Third Party Advisory
Change History
0Changes found
Details not found