CVE-2021-27860
published 2021-12-08

Priority: P1 · 88 · high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
KEV · ITW
CISA Known Exploited Vulnerability (due 2022-01-24)
Exploited in the wild
EPSS: 39.82% (98.4th percentile)

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

Affected

24 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fatpipe | ipvpn | >= 10.1 < 10.1.2r60p92 | 10.1.2r60p92 |
| fatpipe | ipvpn | >= 10.2 < 10.2.2r44p1 | 10.2.2r44p1 |
| fatpipe | mpvpn | >= 10.1 < 10.1.2r60p92 | 10.1.2r60p92 |
| fatpipe | mpvpn | >= 10.2 < 10.2.2r44p1 | 10.2.2r44p1 |
| fatpipe | warp | >= 10.1 < 10.1.2r60p92 | 10.1.2r60p92 |
| fatpipe | warp | >= 10.2 < 10.2.2r44p1 | 10.2.2r44p1 |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | ipvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | mpvpn_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |
| fatpipeinc | warp_firmware | | |

Detection & IOCs (extracted from sources)

  • Compromised FatPipe SOHO devices were used by Volt Typhoon to proxy network traffic to blend in with legitimate activity — monitor for anomalous outbound proxy/tunnel traffic from these devices
  • The vulnerability allows unauthenticated file upload to any filesystem location via the web management interface — monitor for unauthenticated POST requests to the FatPipe web management interface that result in file writes outside expected directories
  • Only FatPipe WARP, IPVPN, and MPVPN software versions prior to 10.1.2r60p92 and 10.2.2r44p1 are vulnerable; patched versions are not affected

CVSS provenance

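| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 9.8 | CRITICAL | |
| cisa | | 8.8 | HIGH | |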