A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote attacker to access at least the URL "/fpui/jsp/index.jsp" leading to unknown impact, presumably some violation of confidentiality. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA004.
References
Link | Resource |
---|---|
https://www.fatpipeinc.com/support/cve-list.php | Vendor Advisory |
https://www.zeroscience.mk/codes/fatpipe_auth.txt | Third Party Advisory |
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php | Third Party Advisory |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
History
No history.
Information
Published : 2021-12-15 20:15
Updated : 2024-02-28 18:48
NVD link : CVE-2021-27858
Mitre link : CVE-2021-27858
CVE.ORG link : CVE-2021-27858
JSON object : View
Products Affected
fatpipeinc
- mpvpn
- ipvpn
- mpvpn_firmware
- warp_firmware
- warp
- ipvpn_firmware
CWE
CWE-862
Missing Authorization