PT-2021-17640 · FatPipe · FatPipe WARP, IPVPN, MPVPN

Gjoko Krstic · Published 2021-12-15 · Updated 2022-07-12 · CVE-2021-27856

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: FatPipe WARP, IPVPN, and MPVPN software versions prior to 10.1.2r60p91 and 10.2.2r42
Description: The affected software versions include an account named cmuser that has administrative privileges and no password. Older versions of the software may also be vulnerable.
Recommendations: For versions prior to 10.1.2r60p91, update to version 10.1.2r60p91 or later. For versions prior to 10.2.2r42, update to version 10.2.2r42 or later. As a temporary workaround, consider disabling the cmuser account until a patch is available.


Related Identifiers

CVE-2021-27856

Affected Products

FatPipe WARP
IPVPN
MPVPN