CVE-2021-27860
Published 2021-12-08
Priority: P1 · 88 · high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability (KEV), due 2022-01-24
Exploited in the wild (ITW)
EPSS: 39.82% (98.4th percentile)
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
Affected
24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatpipe | ipvpn | >= 10.1 < 10.1.2r60p92 | 10.1.2r60p92 |
| fatpipe | ipvpn | >= 10.2 < 10.2.2r44p1 | 10.2.2r44p1 |
| fatpipe | mpvpn | >= 10.1 < 10.1.2r60p92 | 10.1.2r60p92 |
| fatpipe | mpvpn | >= 10.2 < 10.2.2r44p1 | 10.2.2r44p1 |
| fatpipe | warp | >= 10.1 < 10.1.2r60p92 | 10.1.2r60p92 |
| fatpipe | warp | >= 10.2 < 10.2.2r44p1 | 10.2.2r44p1 |
| fatpipeinc | ipvpn_firmware | — | — |
| fatpipeinc | ipvpn_firmware | — | — |
| fatpipeinc | ipvpn_firmware | — | — |
| fatpipeinc | ipvpn_firmware | — | — |
| fatpipeinc | ipvpn_firmware | — | — |
| fatpipeinc | ipvpn_firmware | — | — |
| fatpipeinc | mpvpn_firmware | — | — |
| fatpipeinc | mpvpn_firmware | — | — |
| fatpipeinc | mpvpn_firmware | — | — |
| fatpipeinc | mpvpn_firmware | — | — |
| fatpipeinc | mpvpn_firmware | — | — |
| fatpipeinc | mpvpn_firmware | — | — |
| fatpipeinc | warp_firmware | — | — |
| fatpipeinc | warp_firmware | — | — |
| fatpipeinc | warp_firmware | — | — |
| fatpipeinc | warp_firmware | — | — |
| fatpipeinc | warp_firmware | — | — |
| fatpipeinc | warp_firmware | — | — |
Detection & IOCs
- Compromised FatPipe SOHO devices were used by Volt Typhoon to proxy network traffic to blend in with legitimate activity; monitor for anomalous outbound proxy/tunnel traffic from these devices.
- The vulnerability allows unauthenticated file upload to any filesystem location via the web management interface; monitor for unauthenticated POST requests to the FatPipe web management interface that result in file writes outside expected directories.
- Only FatPipe WARP, IPVPN, and MPVPN software versions prior to 10.1.2r60p92 and 10.2.2r44p1 are vulnerable; patched versions are not affected.
CVSS provenance
- nvd, v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- nvd, v2.0: 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
- vulncheck: 9.8 CRITICAL
- cisa: 8.8 HIGH
CISA
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
cisa·2022-01-10·CVSS 8.8
CVE-2021-27860 [HIGH] CWE-434 FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
Vulnerability: FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
Affected: FatPipe WARP, IPVPN, and MPVPN software
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-27860
Remediation Due Date: 2022-01-24
GHSA
GHSA-hfgw-xgjr-v384: A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10
ghsa_unreviewed·2021-12-09
CVE-2021-27860 [HIGH] CWE-434 GHSA-hfgw-xgjr-v384: A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
VulnCheck
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
vulncheck·2021·CVSS 9.8
CVE-2021-27860 [CRITICAL] CWE-434 FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.
Affected: FatPipe WARP, IPVPN, and MPVPN software
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cisa.gov/news-events/cybersecurity-advisories/aa23-144a; https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF; https://information.rapid7.com/rs/411-NAK-970/images/Rapid7-2023-Mid-Year-Threat-Review.pdf; https://www.cisa.gov/sites/default/files/2024-11/aa24-317a-2023-top-routinely-exploited-vul
No detection rules found.
No public exploits indexed.
Tenable
Volt Typhoon: U.S. Critical Infrastructure Targeted by State-Sponsored Actors
blogs_tenable·2024-11-19
Tenable
Volt Typhoon: International Cybersecurity Authorities Detail Activity Linked to Chinese-State Sponsored Threat Actor
blogs_tenable·2023-05-25
2021-12-08: Published
2022-01-10: Added to CISA KEV
Exploited in the wild