CVE-2021-27860

9.8

CRITICAL

FatPipe WARP, IPVPN, and MPVPN Configuration Uploa - [Actively Exploited]

Description

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

INFO

Published Date :

Dec. 8, 2021, 5:15 p.m.

Last Modified :

July 24, 2024, 4:53 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

5.9

Exploitability Score :

3.9

CISA Notification

CISA KEV (Known Exploited Vulnerabilities)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild.

Due Date: Jan 24, 2022

Alert Date: Jan 10, 2022 | 984 days ago

Description :

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

Required Action :

Apply updates per vendor instructions.

Public PoC/Exploit Available at Github

CVE-2021-27860 has a 1 public PoC/Exploit available at Github. Go to the Public Exploits tab to see the list.

Affected Products

The following products are affected by CVE-2021-27860 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Fatpipeinc	ipvpn_firmware
2	Fatpipeinc	warp_firmware
3	Fatpipeinc	mpvpn_firmware
4	Fatpipeinc	ipvpn
5	Fatpipeinc	warp
6	Fatpipeinc	mpvpn

: Total Affected Vendor : 1 | Products : 6

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-27860.

URL	Resource
https://www.fatpipeinc.com/support/cve-list.php	Vendor Advisory
https://www.ic3.gov/Media/News/2021/211117-2.pdf	Exploit Mitigation Third Party Advisory US Government Resource

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Ostorlab/KEV

Ostorlab KEV: One-command to detect most remotely known exploitable vulnerabilities. Sourced from CISA KEV, Google's Tsunami, Ostorlab's Asteroid and Bug Bounty programs.

cisa-kev vulnerability 0day cisa exploits

Updated: 1 week, 6 days ago

516 stars 32 fork 32 watcher

Born at : April 19, 2022, 8:58 a.m. This repo has been linked 1181 different CVEs too.

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-27860 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-27860 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

Modified Analysis by [email protected]

Jul. 24, 2024

Action	Type	Old Value	New Value
Changed	Reference Type	https://www.ic3.gov/Media/News/2021/211117-2.pdf Third Party Advisory, US Government Resource	https://www.ic3.gov/Media/News/2021/211117-2.pdf Exploit, Mitigation, Third Party Advisory, US Government Resource
Changed	CPE Configuration	AND OR cpe:2.3:h:fatpipeinc:ipvpn:-:::::::* OR cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38::::::*	AND OR cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38::::::* OR cpe:2.3:h:fatpipeinc:ipvpn:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:h:fatpipeinc:warp:-:::::::* OR cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38::::::*	AND OR cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38::::::* OR cpe:2.3:h:fatpipeinc:warp:-:::::::*
Changed	CPE Configuration	AND OR cpe:2.3:h:fatpipeinc:mpvpn:-:::::::* OR cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38::::::*	AND OR cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38::::::* OR cpe:2.3:h:fatpipeinc:mpvpn:-:::::::*

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value
CVE Modified by [email protected]

Oct. 13, 2023

Action Type Old Value New Value

Removed CWE CERT/CC CWE-434
Modified Analysis by [email protected]

Apr. 06, 2022

Action Type Old Value New Value

Action	Type	Old Value	New Value
Removed	CWE	CERT/CC CWE-434

CVE Modified by [email protected]

Dec. 15, 2021

Action	Type	Old Value	New Value
Changed	Description	A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 could allow a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.	A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
Removed	Reference	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php [Exploit, Third Party Advisory]

Initial Analysis by [email protected]

Dec. 13, 2021

Action	Type	Old Value	New Value
Added	CVSS V2 Metadata		Victim must voluntarily interact with attack mechanism
Added	CVSS V2		NIST (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Added	CVSS V3.1		NIST AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Changed	Reference Type	https://www.fatpipeinc.com/support/cve-list.php No Types Assigned	https://www.fatpipeinc.com/support/cve-list.php Vendor Advisory
Changed	Reference Type	https://www.ic3.gov/Media/News/2021/211117-2.pdf No Types Assigned	https://www.ic3.gov/Media/News/2021/211117-2.pdf Third Party Advisory, US Government Resource
Changed	Reference Type	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php No Types Assigned	https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php Exploit, Third Party Advisory
Added	CWE		NIST CWE-434
Added	CPE Configuration		AND OR cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38::::::* OR cpe:2.3:h:fatpipeinc:ipvpn:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38::::::* OR cpe:2.3:h:fatpipeinc:warp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25::::::* cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38::::::* OR cpe:2.3:h:fatpipeinc:mpvpn:-:::::::*

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-27860 is associated with the following CWEs:

CWE-434: Unrestricted Upload of File with Dangerous Type

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-27860 weaknesses.

CAPEC-1: Accessing Functionality Not Properly Constrained by ACLs Accessing Functionality Not Properly Constrained by ACLs

CVE-2021-27860

FatPipe WARP, IPVPN, and MPVPN Configuration Uploa - [Actively Exploited]

Description

INFO

Dec. 8, 2021, 5:15 p.m.

July 24, 2024, 4:53 p.m.

[email protected]

Yes !

5.9

3.9

CISA KEV (Known Exploited Vulnerabilities)

Public PoC/Exploit Available at Github

Affected Products

References to Advisories, Solutions, and Tools

Ostorlab/KEV

Modified Analysis by [email protected]

CVE Modified by [email protected]

CVE Modified by [email protected]

Modified Analysis by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

26.78 }} -1.74%

0.96835

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable