Vulnerability Details CVE-2021-27860
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.421
EPSS Ranking 97.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 9.3
Proposed Action
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.
Ransomware Campaign
Unknown
References
Products affected by CVE-2021-27860
-
cpe:2.3:h:fatpipeinc:ipvpn:-
-
cpe:2.3:h:fatpipeinc:mpvpn:-
-
cpe:2.3:h:fatpipeinc:warp:-
-
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2
-
cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2
-
cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0
-
cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2
-
cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2
-
cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2
-
cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2
-
cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2
-
cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0
-
cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2
-
cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2
-
cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2
-
cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2
-
cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2
-
cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0
-
cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2
-
cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2
-
cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2