PT-2021-17639 · Fatpipe · Fatpipe Warp+2
Gjoko Krstic
·
Published
2021-12-15
·
Updated
2022-10-29
·
CVE-2021-27855
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
FatPipe WARP, IPVPN, and MPVPN software versions prior to 10.1.2r60p91 and 10.2.2r42
Description:
The issue allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of the software may also be vulnerable.
Recommendations:
For versions prior to 10.1.2r60p91, update to version 10.1.2r60p91 or later.
For versions prior to 10.2.2r42, update to version 10.2.2r42 or later.
As a temporary workaround, consider restricting access to administrative privileges until a patch is available.
Fix
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fatpipe Warp
Ipvpn
Mpvpn