CVE-2021-27860

critical-risk
Published 2021-12-08

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

Do I need to act?

!
42.6% chance of exploitation in next 30 days
EPSS score — higher than 57% of all CVEs
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (20)

Affected Vendors

Fatpipeinc

References (5)

Vendor Advisory https://www.fatpipeinc.com/support/cve-list.php
Exploit https://www.ic3.gov/Media/News/2021/211117-2.pdf
Vendor Advisory https://www.fatpipeinc.com/support/cve-list.php
Exploit https://www.ic3.gov/Media/News/2021/211117-2.pdf
US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...
86
/ 100
critical-risk
Severity 32/34 · Critical
Exploitability 24/34 · High
Exposure 30/34 · Critical