CVE-2021-27855
published 2021-12-15

Priority: P278, high, 8.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
ITW: VulnCheck KEV (exploited in the wild)
EPSS: 1.60% (72.8th percentile)

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatpipe | ipvpn | >= 10.1 < 10.1.2r60p91 | 10.1.2r60p91 |
| fatpipe | ipvpn | >= 10.2 < 10.2.2r42 | 10.2.2r42 |
| fatpipe | mpvpn | >= 10.1 < 10.1.2r60p91 | 10.1.2r60p91 |
| fatpipe | mpvpn | >= 10.2 < 10.2.2r42 | 10.2.2r42 |
| fatpipe | warp | >= 10.1 < 10.1.2r60p91 | 10.1.2r60p91 |
| fatpipe | warp | >= 10.2 < 10.2.2r42 | 10.2.2r42 |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |

CVSS provenance

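| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| vulncheck | | 8.8 | HIGH | |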