PT-2021-17641 · Fatpipe · Fatpipe Warp+2

Gjoko Krstic · Published 2021-12-15 · Updated 2021-12-21 · CVE-2021-27857

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: FatPipe WARP, IPVPN, and MPVPN software versions prior to 10.1.2r60p91 and 10.2.2r42
Description: A missing authorization issue in the web management interface allows a remote, unauthenticated attacker to download a configuration archive. The attacker must know or correctly guess the hostname of the target system, as it is used in the configuration archive file name.
Recommendations: For versions prior to 10.1.2r60p91, update to version 10.1.2r60p91 or later. For versions prior to 10.2.2r42, update to version 10.2.2r42 or later.

Fix

Missing Authorization


Weakness Enumeration

Related Identifiers

CVE-2021-27857

Affected Products

Fatpipe Warp
Ipvpn
Mpvpn