CVE-2021-27859

Опубликовано: 15 дек. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.5

EPSS Низкий

Описание

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

Ссылки

https://www.fatpipeinc.com/support/cve-list.php
Vendor Advisory
https://www.zeroscience.mk/codes/fatpipe_csrf.txt
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php
Third Party Advisory
https://www.fatpipeinc.com/support/cve-list.php
Vendor Advisory
https://www.zeroscience.mk/codes/fatpipe_csrf.txt
Third Party Advisory
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*

cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

Одно из

cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*

cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

Одно из

cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*

cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*

cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*

EPSS

Процентиль: 73%

0.00752

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-862

Связанные уязвимости

GHSA-fr6w-vm34-xj98

github

около 4 лет назад

EPSS

Процентиль: 73%

0.00752

Низкий

8.8 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-862