CVE-2021-27859

Summary

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

Affected Software

VendorProductVersion RangeStatus
FatPipeWARP10.1 < 10.1.2r60p91affected
FatPipeWARP10.2 < 10.2.2r42affected
FatPipeIPVPN10.1 < 10.1.2r60p91affected
FatPipeIPVPN10.2 < 10.2.2r42affected
FatPipeMPVPN10.1 < 10.1.2r60p91affected
FatPipeMPVPN10.2 < 10.2.2r42affected

Weaknesses

  • CWE-862: CWE-862: Missing Authorization

ADP Enrichment

CVE Program Container

Additional References

References