CVE-2021-27860

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
certccCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 97%
VendorProductVersion
fatpipeincipvpn_firmware
5.2.0:r34
fatpipeincipvpn_firmware
6.1.2:r70p26
fatpipeincipvpn_firmware
6.1.2:r70p45-m
fatpipeincipvpn_firmware
6.1.2:r70p75-m
fatpipeincipvpn_firmware
7.1.2:r39
fatpipeincipvpn_firmware
9.1.2:r129
fatpipeincipvpn_firmware
9.1.2:r144
fatpipeincipvpn_firmware
9.1.2:r150
fatpipeincipvpn_firmware
9.1.2:r156
fatpipeincipvpn_firmware
9.1.2:r161p12
fatpipeincipvpn_firmware
9.1.2:r161p16
fatpipeincipvpn_firmware
9.1.2:r161p17
fatpipeincipvpn_firmware
9.1.2:r161p2
fatpipeincipvpn_firmware
9.1.2:r161p20
fatpipeincipvpn_firmware
9.1.2:r161p26
fatpipeincipvpn_firmware
9.1.2:r161p3
fatpipeincipvpn_firmware
9.1.2:r164
fatpipeincipvpn_firmware
9.1.2:r164p4
fatpipeincipvpn_firmware
9.1.2:r164p5
fatpipeincipvpn_firmware
9.1.2:r165
fatpipeincipvpn_firmware
9.1.2:r180p2
fatpipeincipvpn_firmware
9.1.2:r185
fatpipeincipvpn_firmware
10.1.2:r60p10
fatpipeincipvpn_firmware
10.1.2:r60p13
fatpipeincipvpn_firmware
10.1.2:r60p32
fatpipeincipvpn_firmware
10.1.2:r60p35
fatpipeincipvpn_firmware
10.1.2:r60p45
fatpipeincipvpn_firmware
10.1.2:r60p55
fatpipeincipvpn_firmware
10.1.2:r60p58
fatpipeincipvpn_firmware
10.1.2:r60p58s1
fatpipeincipvpn_firmware
10.1.2:r60p65
fatpipeincipvpn_firmware
10.1.2:r60p71
fatpipeincipvpn_firmware
10.1.2:r60p82
fatpipeincipvpn_firmware
10.2.2:r10
fatpipeincipvpn_firmware
10.2.2:r25
fatpipeincipvpn_firmware
10.2.2:r38
fatpipeincwarp_firmware
5.2.0:r34
fatpipeincwarp_firmware
6.1.2:r70p26
fatpipeincwarp_firmware
6.1.2:r70p45-m
fatpipeincwarp_firmware
6.1.2:r70p75-m
fatpipeincwarp_firmware
7.1.2:r39
fatpipeincwarp_firmware
9.1.2:r129
fatpipeincwarp_firmware
9.1.2:r144
fatpipeincwarp_firmware
9.1.2:r150
fatpipeincwarp_firmware
9.1.2:r156
fatpipeincwarp_firmware
9.1.2:r161p12
fatpipeincwarp_firmware
9.1.2:r161p16
fatpipeincwarp_firmware
9.1.2:r161p17
fatpipeincwarp_firmware
9.1.2:r161p2
fatpipeincwarp_firmware
9.1.2:r161p20
fatpipeincwarp_firmware
9.1.2:r161p26
fatpipeincwarp_firmware
9.1.2:r161p3
fatpipeincwarp_firmware
9.1.2:r164
fatpipeincwarp_firmware
9.1.2:r164p4
fatpipeincwarp_firmware
9.1.2:r164p5
fatpipeincwarp_firmware
9.1.2:r165
fatpipeincwarp_firmware
9.1.2:r180p2
fatpipeincwarp_firmware
9.1.2:r185
fatpipeincwarp_firmware
10.1.2:r60p10
fatpipeincwarp_firmware
10.1.2:r60p13
fatpipeincwarp_firmware
10.1.2:r60p32
fatpipeincwarp_firmware
10.1.2:r60p35
fatpipeincwarp_firmware
10.1.2:r60p45
fatpipeincwarp_firmware
10.1.2:r60p55
fatpipeincwarp_firmware
10.1.2:r60p58
fatpipeincwarp_firmware
10.1.2:r60p58s1
fatpipeincwarp_firmware
10.1.2:r60p65
fatpipeincwarp_firmware
10.1.2:r60p71
fatpipeincwarp_firmware
10.1.2:r60p82
fatpipeincwarp_firmware
10.2.2:r10
fatpipeincwarp_firmware
10.2.2:r25
fatpipeincwarp_firmware
10.2.2:r38
fatpipeincmpvpn_firmware
5.2.0:r34
fatpipeincmpvpn_firmware
6.1.2:r70p26
fatpipeincmpvpn_firmware
6.1.2:r70p45-m
fatpipeincmpvpn_firmware
6.1.2:r70p75-m
fatpipeincmpvpn_firmware
7.1.2:r39
fatpipeincmpvpn_firmware
9.1.2:r129
fatpipeincmpvpn_firmware
9.1.2:r144
fatpipeincmpvpn_firmware
9.1.2:r150
fatpipeincmpvpn_firmware
9.1.2:r156
fatpipeincmpvpn_firmware
9.1.2:r161p12
fatpipeincmpvpn_firmware
9.1.2:r161p16
fatpipeincmpvpn_firmware
9.1.2:r161p17
fatpipeincmpvpn_firmware
9.1.2:r161p2
fatpipeincmpvpn_firmware
9.1.2:r161p20
fatpipeincmpvpn_firmware
9.1.2:r161p26
fatpipeincmpvpn_firmware
9.1.2:r161p3
fatpipeincmpvpn_firmware
9.1.2:r164
fatpipeincmpvpn_firmware
9.1.2:r164p4
fatpipeincmpvpn_firmware
9.1.2:r164p5
fatpipeincmpvpn_firmware
9.1.2:r165
fatpipeincmpvpn_firmware
9.1.2:r180p2
fatpipeincmpvpn_firmware
9.1.2:r185
fatpipeincmpvpn_firmware
10.1.2:r60p10
fatpipeincmpvpn_firmware
10.1.2:r60p13
fatpipeincmpvpn_firmware
10.1.2:r60p32
fatpipeincmpvpn_firmware
10.1.2:r60p35
fatpipeincmpvpn_firmware
10.1.2:r60p45
fatpipeincmpvpn_firmware
10.1.2:r60p55
fatpipeincmpvpn_firmware
10.1.2:r60p58
fatpipeincmpvpn_firmware
10.1.2:r60p58s1
fatpipeincmpvpn_firmware
10.1.2:r60p65
fatpipeincmpvpn_firmware
10.1.2:r60p71
fatpipeincmpvpn_firmware
10.1.2:r60p82
fatpipeincmpvpn_firmware
10.2.2:r10
fatpipeincmpvpn_firmware
10.2.2:r25
fatpipeincmpvpn_firmware
10.2.2:r38
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.fatpipeinc.com/support/cve-list.php
https://www.ic3.gov/Media/News/2021/211117-2.pdf
https://www.fatpipeinc.com/support/cve-list.php
https://www.ic3.gov/Media/News/2021/211117-2.pdf