CVE-2021-27860 Information

Description

A vulnerability in the web management interface of FatPipe WARP IPVPN and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

https://www.fatpipeinc.com/support/cve-list.php https://www.ic3.gov/Media/News/2021/211117-2.pdf

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8