VYPR
Unrated severityNVD Advisory· Published Dec 15, 2021· Updated Sep 16, 2024

Missing authorization vulnerability in FatPipe software

CVE-2021-27859

Description

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows an authenticated, remote attacker with read-only privileges to create an account with administrative privileges. Older versions of FatPipe software may also be vulnerable. This does not appear to be a CSRF vulnerability. The FatPipe advisory identifier for this vulnerability is FPSA005.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Fatpipe/MPVPNllm-fuzzy
    Range: <10.1.2r60p91 and <10.2.2r42
  • Fatpipe/Ipvpnllm-fuzzy2 versions
    <10.1.2r60p91 and <10.2.2r42+ 1 more
    • (no CPE)range: <10.1.2r60p91 and <10.2.2r42
    • (no CPE)range: 10.1
  • Warpdotdev/Warpllm-fuzzy
    Range: <10.1.2r60p91 and <10.2.2r42

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.