CVE-2021-27860
9.8
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| FatPipe | WARP | 10.1 < 10.1.2r60p92 | affected |
| FatPipe | WARP | 10.2 < 10.2.2r44p1 | affected |
| FatPipe | IPVPN | 10.1 < 10.1.2r60p92 | affected |
| FatPipe | IPVPN | 10.2 < 10.2.2r44p1 | affected |
| FatPipe | MPVPN | 10.1 < 10.1.2r60p92 | affected |
| FatPipe | MPVPN | 10.2 < 10.2.2r44p1 | affected |
Weaknesses
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: yes
- Technical Impact: total
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.