CVE-2021-27855

Summary

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.

Affected Software

VendorProductVersion RangeStatus
FatPipeWARP10.1 < 10.1.2r60p91affected
FatPipeWARP10.2 < 10.2.2r42affected
FatPipeIPVPN10.1 < 10.1.2r60p91affected
FatPipeIPVPN10.2 < 10.2.2r42affected
FatPipeMPVPN10.1 < 10.1.2r60p91affected
FatPipeMPVPN10.2 < 10.2.2r42affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References