Vulnerabilities > CVE-2021-27859 - Missing Authorization vulnerability in Fatpipeinc Ipvpn Firmware and Mpvpn Firmware

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

fatpipeinc

CWE-862

NVD

Published: 2021-12-15

Updated: 2021-12-21

Summary

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

Vulnerable Configurations

Part	Description	Count
OS	Fatpipeinc Fatpipeinc Ipvpn Firmware 5.2.0 Fatpipeinc Ipvpn Firmware 6.1.2 Fatpipeinc Ipvpn Firmware 7.1.2 Fatpipeinc Ipvpn Firmware 9.1.2 Fatpipeinc Ipvpn Firmware 10.1.2 Fatpipeinc Ipvpn Firmware 10.2.2 Fatpipeinc Mpvpn Firmware 5.2.0 Fatpipeinc Mpvpn Firmware 6.1.2 Fatpipeinc Mpvpn Firmware 7.1.2 Fatpipeinc Mpvpn Firmware 9.1.2 Fatpipeinc Mpvpn Firmware 10.1.2 Fatpipeinc Mpvpn Firmware 10.2.2 Fatpipeinc Warp Firmware 5.2.0 Fatpipeinc Warp Firmware 6.1.2 Fatpipeinc Warp Firmware 7.1.2 Fatpipeinc Warp Firmware 9.1.2 Fatpipeinc Warp Firmware 10.1.2 Fatpipeinc Warp Firmware 10.2.2	108
Hardware	Fatpipeinc Fatpipeinc Ipvpn - Fatpipeinc Mpvpn - Fatpipeinc Warp -	3

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References