Fatpipe Ipvpn vulnerabilities
6 known vulnerabilities affecting fatpipe/ipvpn.
Total CVEs
6
CISA KEV
1
actively exploited
Public exploits
2
Exploited in wild
3
Severity breakdown
CRITICAL1HIGH4MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-27860P1HIGHCVSS 8.8KEV≥ 10.1, < 10.1.2r60p92≥ 10.2, < 10.2.2r44p12021-12-08
CVE-2021-27860 [HIGH] CWE-434 CVE-2021-27860: A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
nvd
CVE-2021-27856P1CRITICALCVSS 9.8ExploitedPoC≥ 10.1, < 10.1.2r60p91≥ 10.2, < 10.2.2r422021-12-15
CVE-2021-27856 [CRITICAL] CVE-2021-27856: FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an acc
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.
nvd
CVE-2021-27855P2HIGHCVSS 8.8Exploited≥ 10.1, < 10.1.2r60p91≥ 10.2, < 10.2.2r422021-12-15
CVE-2021-27855 [HIGH] CWE-862 CVE-2021-27855: FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
nvd
CVE-2021-27858P3MEDIUMCVSS 5.3PoC≥ 10.1, < 10.1.2r60p91≥ 10.2, < 10.2.2r422021-12-15
CVE-2021-27858 [MEDIUM] CWE-862 CVE-2021-27858: A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MP
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be
nvd
CVE-2021-27859P3HIGHCVSS 8.8≥ 10.1, < 10.1.2r60p91≥ 10.2, < 10.2.2r422021-12-15
CVE-2021-27859 [HIGH] CWE-862 CVE-2021-27859: A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MP
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not ap
nvd
CVE-2021-27857P3HIGHCVSS 7.5≥ 10.1, < 10.1.2r60p91≥ 10.2, < 10.2.2r422021-12-15
CVE-2021-27857 [HIGH] CWE-862 CVE-2021-27857: A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MP
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part o
nvd