CVE-2021-27858
published 2021-12-15


Priority: P3 40 medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EXPLOIT
EPSS: 2.70% (84.1th percentile)
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatpipe | ipvpn | >= 10.1 < 10.1.2r60p91 | 10.1.2r60p91 |
| fatpipe | ipvpn | >= 10.2 < 10.2.2r42 | 10.2.2r42 |
| fatpipe | mpvpn | >= 10.1 < 10.1.2r60p91 | 10.1.2r60p91 |
| fatpipe | mpvpn | >= 10.2 < 10.2.2r42 | 10.2.2r42 |
| fatpipe | warp | >= 10.1 < 10.1.2r60p91 | 10.1.2r60p91 |
| fatpipe | warp | >= 10.2 < 10.2.2r42 | 10.2.2r42 |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |

CVSS provenance

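| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |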