CVE-2021-27860

Summary

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

Affected Software

VendorProductVersion RangeStatus
FatPipeWARP10.1 < 10.1.2r60p92affected
FatPipeWARP10.2 < 10.2.2r44p1affected
FatPipeIPVPN10.1 < 10.1.2r60p92affected
FatPipeIPVPN10.2 < 10.2.2r44p1affected
FatPipeMPVPN10.1 < 10.1.2r60p92affected
FatPipeMPVPN10.2 < 10.2.2r44p1affected

Weaknesses

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: total

Additional References

References