CVE-2021-27860

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 08-12-2021 06:15

Last modified: - 06-04-2022 03:13

Total changes: - 4

Description

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

High

Confidentiality

High

Integrity

None

Privileges required

Unchanged

Scope

Required

User interaction

8.8

Base score

2.8

5.9

Exploitability score

Impact score

Verification logic

AND

vendor=fatpipeinc AND product=ipvpn_firmware AND version=5.2.0 AND update=r34

vendor=fatpipeinc AND product=ipvpn_firmware AND version=6.1.2 AND update=r70p26

vendor=fatpipeinc AND product=ipvpn_firmware AND version=6.1.2 AND update=r70p45-m

vendor=fatpipeinc AND product=ipvpn_firmware AND version=6.1.2 AND update=r70p75-m

vendor=fatpipeinc AND product=ipvpn_firmware AND version=7.1.2 AND update=r39

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r129

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r144

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r150

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r156

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r161p12

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r161p16

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r161p17

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r161p2

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r161p20

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r161p26

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r161p3

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r164

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r164p4

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r164p5

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r165

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r180p2

vendor=fatpipeinc AND product=ipvpn_firmware AND version=9.1.2 AND update=r185

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p10

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p13

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p32

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p35

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p45

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p55

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p58

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p58s1

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p65

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p71

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.1.2 AND update=r60p82

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.2.2 AND update=r10

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.2.2 AND update=r25

vendor=fatpipeinc AND product=ipvpn_firmware AND version=10.2.2 AND update=r38

vendor=fatpipeinc AND product=ipvpn AND version=-

AND

vendor=fatpipeinc AND product=warp_firmware AND version=5.2.0 AND update=r34

vendor=fatpipeinc AND product=warp_firmware AND version=6.1.2 AND update=r70p26

vendor=fatpipeinc AND product=warp_firmware AND version=6.1.2 AND update=r70p45-m

vendor=fatpipeinc AND product=warp_firmware AND version=6.1.2 AND update=r70p75-m

vendor=fatpipeinc AND product=warp_firmware AND version=7.1.2 AND update=r39

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r129

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r144

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r150

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r156

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r161p12

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r161p16

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r161p17

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r161p2

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r161p20

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r161p26

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r161p3

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r164

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r164p4

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r164p5

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r165

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r180p2

vendor=fatpipeinc AND product=warp_firmware AND version=9.1.2 AND update=r185

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p10

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p13

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p32

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p35

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p45

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p55

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p58

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p58s1

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p65

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p71

vendor=fatpipeinc AND product=warp_firmware AND version=10.1.2 AND update=r60p82

vendor=fatpipeinc AND product=warp_firmware AND version=10.2.2 AND update=r10

vendor=fatpipeinc AND product=warp_firmware AND version=10.2.2 AND update=r25

vendor=fatpipeinc AND product=warp_firmware AND version=10.2.2 AND update=r38

vendor=fatpipeinc AND product=warp AND version=-

AND

vendor=fatpipeinc AND product=mpvpn_firmware AND version=5.2.0 AND update=r34

vendor=fatpipeinc AND product=mpvpn_firmware AND version=6.1.2 AND update=r70p26

vendor=fatpipeinc AND product=mpvpn_firmware AND version=6.1.2 AND update=r70p45-m

vendor=fatpipeinc AND product=mpvpn_firmware AND version=6.1.2 AND update=r70p75-m

vendor=fatpipeinc AND product=mpvpn_firmware AND version=7.1.2 AND update=r39

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r129

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r144

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r150

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r156

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r161p12

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r161p16

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r161p17

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r161p2

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r161p20

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r161p26

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r161p3

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r164

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r164p4

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r164p5

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r165

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r180p2

vendor=fatpipeinc AND product=mpvpn_firmware AND version=9.1.2 AND update=r185

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p10

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p13

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p32

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p35

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p45

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p55

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p58

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p58s1

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p65

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p71

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.1.2 AND update=r60p82

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.2.2 AND update=r10

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.2.2 AND update=r25

vendor=fatpipeinc AND product=mpvpn_firmware AND version=10.2.2 AND update=r38

vendor=fatpipeinc AND product=mpvpn AND version=-

Reference

Keywords

CVE-2021-27860

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-27860

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures