{"containers": {"cna": {"title": "Arbitrary file upload vulnerability in FatPipe software", "descriptions": [{"lang": "en", "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."}], "affected": [{"vendor": "FatPipe", "product": "WARP", "versions": [{"version": "10.1", "status": "affected", "lessThan": "10.1.2r60p92", "versionType": "custom"}, {"version": "10.2", "status": "affected", "lessThan": "10.2.2r44p1", "versionType": "custom"}]}, {"vendor": "FatPipe", "product": "IPVPN", "versions": [{"version": "10.1", "status": "affected", "lessThan": "10.1.2r60p92", "versionType": "custom"}, {"version": "10.2", "status": "affected", "lessThan": "10.2.2r44p1", "versionType": "custom"}]}, {"vendor": "FatPipe", "product": "MPVPN", "versions": [{"version": "10.1", "status": "affected", "lessThan": "10.1.2r60p92", "versionType": "custom"}, {"version": "10.2", "status": "affected", "lessThan": "10.2.2r44p1", "versionType": "custom"}]}], "references": [{"url": "https://www.fatpipeinc.com/support/cve-list.php"}, {"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"}], "datePublic": "2021-11-16T00:00:00.000Z", "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}], "source": {"advisory": "FPSA006", "discovery": "USER"}, "x_generator": {"engine": "cveClient/1.0.15"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2021-11-16T00:00:00.000Z", "ID": "CVE-2021-27860", "STATE": "PUBLIC", "TITLE": "Arbitrary file upload vulnerability in FatPipe software"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WARP", "version": {"version_data": [{"version_affected": "<", "version_name": "10.1", "version_value": "10.1.2r60p92"}, {"version_affected": "<", "version_name": "10.2", "version_value": "10.2.2r44p1"}]}}, {"product_name": "IPVPN", "version": {"version_data": [{"version_affected": "<", "version_name": "10.1", "version_value": "10.1.2r60p92"}, {"version_affected": "<", "version_name": "10.2", "version_value": "10.2.2r44p1"}]}}, {"product_name": "MPVPN", "version": {"version_data": [{"version_affected": "<", "version_name": "10.1", "version_value": "10.1.2r60p92"}, {"version_affected": "<", "version_name": "10.2", "version_value": "10.2.2r44p1"}]}}]}, "vendor_name": "FatPipe"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}}, "references": {"reference_data": [{"name": "https://www.fatpipeinc.com/support/cve-list.php", "refsource": "CONFIRM", "url": "https://www.fatpipeinc.com/support/cve-list.php"}, {"name": "https://www.ic3.gov/Media/News/2021/211117-2.pdf", "refsource": "MISC", "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"}]}, "source": {"advisory": "FPSA006", "discovery": "USER"}}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2023-10-13T15:04:56.650Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:15.927Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.fatpipeinc.com/support/cve-list.php", "tags": ["x_transferred"]}, {"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-27860", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T19:32:03.032241Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "timeline": [{"time": "2022-01-10T00:00:00.000Z", "lang": "en", "value": "CVE-2021-27860 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:25:23.273Z"}}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2021-27860", "datePublished": "2021-12-08T16:15:48.319Z", "dateReserved": "2021-03-01T00:00:00.000Z", "dateUpdated": "2025-10-21T23:25:23.273Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.fatpipeinc.com/support/cve-list.php", "tags": ["x_transferred"]}, {"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:15.927Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2021-27860", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T19:32:03.032241Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-01-10", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"}}}], "timeline": [{"lang": "en", "time": "2022-01-10T00:00:00.000Z", "value": "CVE-2021-27860 added to CISA KEV"}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T19:32:13.974Z"}}], "cna": {"title": "Arbitrary file upload vulnerability in FatPipe software", "source": {"advisory": "FPSA006", "discovery": "USER"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "FatPipe", "product": "WARP", "versions": [{"status": "affected", "version": "10.1", "lessThan": "10.1.2r60p92", "versionType": "custom"}, {"status": "affected", "version": "10.2", "lessThan": "10.2.2r44p1", "versionType": "custom"}]}, {"vendor": "FatPipe", "product": "IPVPN", "versions": [{"status": "affected", "version": "10.1", "lessThan": "10.1.2r60p92", "versionType": "custom"}, {"status": "affected", "version": "10.2", "lessThan": "10.2.2r44p1", "versionType": "custom"}]}, {"vendor": "FatPipe", "product": "MPVPN", "versions": [{"status": "affected", "version": "10.1", "lessThan": "10.1.2r60p92", "versionType": "custom"}, {"status": "affected", "version": "10.2", "lessThan": "10.2.2r44p1", "versionType": "custom"}]}], "datePublic": "2021-11-16T00:00:00.000Z", "references": [{"url": "https://www.fatpipeinc.com/support/cve-list.php"}, {"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"}], "x_generator": {"engine": "cveClient/1.0.15"}, "descriptions": [{"lang": "en", "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2023-10-13T15:04:56.650Z"}, "x_legacyV4Record": {"impact": {"cvss": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, "source": {"advisory": "FPSA006", "discovery": "USER"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_name": "10.1", "version_value": "10.1.2r60p92", "version_affected": "<"}, {"version_name": "10.2", "version_value": "10.2.2r44p1", "version_affected": "<"}]}, "product_name": "WARP"}, {"version": {"version_data": [{"version_name": "10.1", "version_value": "10.1.2r60p92", "version_affected": "<"}, {"version_name": "10.2", "version_value": "10.2.2r44p1", "version_affected": "<"}]}, "product_name": "IPVPN"}, {"version": {"version_data": [{"version_name": "10.1", "version_value": "10.1.2r60p92", "version_affected": "<"}, {"version_name": "10.2", "version_value": "10.2.2r44p1", "version_affected": "<"}]}, "product_name": "MPVPN"}]}, "vendor_name": "FatPipe"}]}}, "data_type": "CVE", "generator": {"engine": "Vulnogram 0.0.9"}, "references": {"reference_data": [{"url": "https://www.fatpipeinc.com/support/cve-list.php", "name": "https://www.fatpipeinc.com/support/cve-list.php", "refsource": "CONFIRM"}, {"url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf", "name": "https://www.ic3.gov/Media/News/2021/211117-2.pdf", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-27860", "STATE": "PUBLIC", "TITLE": "Arbitrary file upload vulnerability in FatPipe software", "ASSIGNER": "cert@cert.org", "DATE_PUBLIC": "2021-11-16T00:00:00.000Z"}}}}, "cveMetadata": {"cveId": "CVE-2021-27860", "state": "PUBLISHED", "dateUpdated": "2025-10-21T23:25:23.273Z", "dateReserved": "2021-03-01T00:00:00.000Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2021-12-08T16:15:48.319Z", "assignerShortName": "certcc"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-01-24", "cisaExploitAdd": "2022-01-10", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:5.2.0:r34:*:*:*:*:*:*", "matchCriteriaId": "C11DB09F-2C14-470E-88B9-19AA1CB9D13A", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*", "matchCriteriaId": "8B1511DD-B05D-4441-9FEE-4AE5B99AD765", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*", "matchCriteriaId": "A544091F-16BB-4942-8C5D-78BAB27763D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*", "matchCriteriaId": "CF6314CA-0BC5-4EA8-8169-5A3AA83EDC2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:7.1.2:r39:*:*:*:*:*:*", "matchCriteriaId": "FE36BBDB-5A65-4F61-8749-883E59300639", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r129:*:*:*:*:*:*", "matchCriteriaId": "A79A392B-0607-4C83-8D1F-45F99354CF93", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r144:*:*:*:*:*:*", "matchCriteriaId": "39FD234C-69BF-4A59-A5B6-BA962D4A86EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r150:*:*:*:*:*:*", "matchCriteriaId": "1A2B1AB1-BF7C-4BD6-819A-A71340D00BD0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r156:*:*:*:*:*:*", "matchCriteriaId": "6C72012D-F06D-40BB-B361-44CE980C7B4D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*", "matchCriteriaId": "961268B1-E804-4291-AA38-F2905B98285F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*", "matchCriteriaId": "87F0BAD3-7145-496C-823D-C035AB73D5CB", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*", "matchCriteriaId": "86FA270B-1EEF-4506-B3F8-0019E1965E12", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*", "matchCriteriaId": "D6DAAB93-C2E9-4097-BB7E-A22C37860302", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*", "matchCriteriaId": "BD8347A2-BAF5-420D-A52A-2A7B1BFE5619", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*", "matchCriteriaId": "FF28B01F-9E9C-4703-9418-5CDA93305885", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*", "matchCriteriaId": "EA076D5B-9EDA-4DCB-BF15-5C361DE6F975", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164:*:*:*:*:*:*", "matchCriteriaId": "63B936C2-F61D-4E75-B7F7-4DD4A9735FB2", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*", "matchCriteriaId": "54ED4A12-F805-4A79-B083-0473BD5003EC", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*", "matchCriteriaId": "BFEE2206-4D60-4C9E-A874-A4F23FF59059", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r165:*:*:*:*:*:*", "matchCriteriaId": "77D045E8-12A8-4EDF-A423-F840CB2CF0AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*", "matchCriteriaId": "9A22D90B-E219-47A3-8396-820CD58A052A", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:9.1.2:r185:*:*:*:*:*:*", "matchCriteriaId": "682F18C0-D9CD-44BC-8C72-A50F4B4741CF", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*", "matchCriteriaId": "22CA1387-CD4F-45AE-A9CC-68E5538CDA49", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*", "matchCriteriaId": "5E46BE6C-734A-4D81-9BFB-24160B9A2477", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*", "matchCriteriaId": "BC05A847-376E-48C1-B7BC-1095610FF846", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*", "matchCriteriaId": "74A68C7C-DF85-4EB4-85EE-C98646D5C46F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*", "matchCriteriaId": "57876C43-071C-46FE-9A40-779F95DDCA93", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*", "matchCriteriaId": "30503A37-B4CB-45FF-81E6-9967BEEB1A5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*", "matchCriteriaId": "C44ABAF5-2B4C-4C44-8BF5-4F15E35BAD84", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*", "matchCriteriaId": "CDBC02C3-09AF-4AD7-B1D6-D4C82DFD7BAF", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*", "matchCriteriaId": "A12609EA-15AD-4215-9662-A93906593DB1", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*", "matchCriteriaId": "A34C4419-C0AB-4A10-A5A3-E9DCD1A69B6D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*", "matchCriteriaId": "234EE25D-AEAF-4D3F-B1B8-BEDFBB93CA61", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r10:*:*:*:*:*:*", "matchCriteriaId": "D29250D9-4635-4BBB-9D1C-289C7ADFEAE5", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r25:*:*:*:*:*:*", "matchCriteriaId": "F8BD7D98-B18F-4FB9-B63D-7298033D8F38", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:ipvpn_firmware:10.2.2:r38:*:*:*:*:*:*", "matchCriteriaId": "4BFBA83C-C03A-4C5E-ACBC-8BEC41B901F7", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fatpipeinc:ipvpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "D0CAF1D0-9EC6-4959-973C-6C37E3B2E6E0", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:5.2.0:r34:*:*:*:*:*:*", "matchCriteriaId": "2779B6CB-CF0B-444A-A658-CB8D550FD147", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p26:*:*:*:*:*:*", "matchCriteriaId": "A8D0375A-3A01-445E-A95C-7E476CD4047E", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p45-m:*:*:*:*:*:*", "matchCriteriaId": "F9B63E36-32CA-4818-8BAC-5862188DFE6F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:6.1.2:r70p75-m:*:*:*:*:*:*", "matchCriteriaId": "8495282B-C4C3-44FE-8D6F-00AD59662A24", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:7.1.2:r39:*:*:*:*:*:*", "matchCriteriaId": "5A2CBBCD-5D2E-4349-889A-F3F20ABDC1A0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r129:*:*:*:*:*:*", "matchCriteriaId": "18525C9D-D44D-4E0C-98A1-2389C257FFC2", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r144:*:*:*:*:*:*", "matchCriteriaId": "C4E22F42-D478-4E30-AD9C-50A4E799940B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r150:*:*:*:*:*:*", "matchCriteriaId": "AD864580-CF91-412C-A62E-3E7252DF91FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r156:*:*:*:*:*:*", "matchCriteriaId": "A14E5ABD-D2D4-4758-B18B-3CA0323D9518", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p12:*:*:*:*:*:*", "matchCriteriaId": "C8EB1872-FE49-48EE-AF78-9373780F7D93", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p16:*:*:*:*:*:*", "matchCriteriaId": "B11060EA-6755-4FC3-A305-E944861EDDB4", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p17:*:*:*:*:*:*", "matchCriteriaId": "A20EF491-1355-4489-A839-69B46C70CC7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p2:*:*:*:*:*:*", "matchCriteriaId": "E4C0EABF-3D71-4EC9-B400-A4F043745B3C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p20:*:*:*:*:*:*", "matchCriteriaId": "D99D631C-1596-4A7F-BF10-E69A1EB35C55", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p26:*:*:*:*:*:*", "matchCriteriaId": "7ECBD142-1C63-4FA1-BF2F-7DEE7730FC15", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r161p3:*:*:*:*:*:*", "matchCriteriaId": "645624F5-234D-4950-9385-7151C47C8621", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164:*:*:*:*:*:*", "matchCriteriaId": "C387783D-8402-46F2-AF87-73E8CD5BE097", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p4:*:*:*:*:*:*", "matchCriteriaId": "040AF513-BC93-4B5F-A10A-915E4A711C1B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r164p5:*:*:*:*:*:*", "matchCriteriaId": "7688DC18-49BE-4F9C-A8B9-A5F84C093D17", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r165:*:*:*:*:*:*", "matchCriteriaId": "AF508B6C-23B7-444E-A9F4-400CA4D85431", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r180p2:*:*:*:*:*:*", "matchCriteriaId": "1E80C09C-42A5-4AD2-9DEA-EB64AED72246", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:9.1.2:r185:*:*:*:*:*:*", "matchCriteriaId": "05E59433-8420-451C-AA76-78AF013F7AFA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p10:*:*:*:*:*:*", "matchCriteriaId": "7A480CA1-79C6-43C3-B142-BD30FE00EA95", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p13:*:*:*:*:*:*", "matchCriteriaId": "36582BDF-9829-495C-A027-9F0F1DE78093", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p32:*:*:*:*:*:*", "matchCriteriaId": "66D454E0-7E23-494C-BBCB-D56FF3FAD754", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p35:*:*:*:*:*:*", "matchCriteriaId": "2B577293-9B56-44A5-A91C-8B2D885B0B7D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p45:*:*:*:*:*:*", "matchCriteriaId": "76EC4FBC-48B9-46A7-93D6-F6812A25CC1F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p55:*:*:*:*:*:*", "matchCriteriaId": "143AAD4E-163B-4D30-9A5B-2ED6A48681C1", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58:*:*:*:*:*:*", "matchCriteriaId": "1820F183-B5D5-4828-93D7-CEC6B7FE0176", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p58s1:*:*:*:*:*:*", "matchCriteriaId": "F8D59DA4-8DF8-46D2-A77C-7785BD253168", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p65:*:*:*:*:*:*", "matchCriteriaId": "1D7E2B2B-798F-4A39-BA9E-FAD53AC561D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p71:*:*:*:*:*:*", "matchCriteriaId": "B418905D-675D-4E3D-840F-45F2C3FF1855", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.1.2:r60p82:*:*:*:*:*:*", "matchCriteriaId": "BB2984C2-9C12-4926-BF31-AE064AAE9F45", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r10:*:*:*:*:*:*", "matchCriteriaId": "2F614A03-CAF0-43EB-BAF4-E0A9EA1CF522", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r25:*:*:*:*:*:*", "matchCriteriaId": "8068BA02-8996-436D-B9DF-373AECF61A45", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:warp_firmware:10.2.2:r38:*:*:*:*:*:*", "matchCriteriaId": "C56FE165-AFA7-4E47-9BB3-3326086D5C45", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fatpipeinc:warp:-:*:*:*:*:*:*:*", "matchCriteriaId": "F56A62D9-6FE7-4062-9D83-75BFE14A0E83", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:5.2.0:r34:*:*:*:*:*:*", "matchCriteriaId": "6CC854BA-4F7B-482F-B13F-B16E99C00ECD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p26:*:*:*:*:*:*", "matchCriteriaId": "B0F4857C-0262-4D50-A209-B731CE4DE4C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p45-m:*:*:*:*:*:*", "matchCriteriaId": "00BDFE07-2443-4B79-A9CB-F3F03A0AA313", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:6.1.2:r70p75-m:*:*:*:*:*:*", "matchCriteriaId": "CD497063-FA78-4AAC-807F-C03771781D15", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:7.1.2:r39:*:*:*:*:*:*", "matchCriteriaId": "2D5E161C-B6B6-40E8-B0E8-AEB72998119E", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r129:*:*:*:*:*:*", "matchCriteriaId": "2EA6CD57-2FC4-4D38-B3BC-2BE458672BC3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r144:*:*:*:*:*:*", "matchCriteriaId": "5D6D61B6-78CF-47A5-B18D-394803F768B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r150:*:*:*:*:*:*", "matchCriteriaId": "8FAB00D7-319D-4628-819E-608A4392E901", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r156:*:*:*:*:*:*", "matchCriteriaId": "58B8C748-C873-4611-9D25-FF73439F6559", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p12:*:*:*:*:*:*", "matchCriteriaId": "0FBE83D2-96E7-489E-A7A1-D02193D022A2", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p16:*:*:*:*:*:*", "matchCriteriaId": "532021A2-9D2C-4365-AA76-8B9F1E3401D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p17:*:*:*:*:*:*", "matchCriteriaId": "561F487C-3FCE-4F68-ADEF-61A807E18A2B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p2:*:*:*:*:*:*", "matchCriteriaId": "44135F5A-96DC-471E-9A7C-48EA124E5DBB", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p20:*:*:*:*:*:*", "matchCriteriaId": "34A8EC2F-BB91-448E-B21C-2D7822CA04F2", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p26:*:*:*:*:*:*", "matchCriteriaId": "20810603-1A08-4AEE-A6C5-EFEDB3C923BC", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r161p3:*:*:*:*:*:*", "matchCriteriaId": "37C5C6DC-5FBA-4D8D-ADEF-F8DB232001C6", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164:*:*:*:*:*:*", "matchCriteriaId": "12B67BB1-3943-4F30-8470-FF3E446F5E3F", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p4:*:*:*:*:*:*", "matchCriteriaId": "72F686C1-E970-41CF-A5F6-842E0B15D85E", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r164p5:*:*:*:*:*:*", "matchCriteriaId": "19E99ECD-6D6C-4290-9D41-47CFA9373B41", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r165:*:*:*:*:*:*", "matchCriteriaId": "D9D58BE6-BE5C-48A2-AE61-FFC0612AEFB0", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r180p2:*:*:*:*:*:*", "matchCriteriaId": "072EF984-3F4F-44ED-BFE4-78E063B474BB", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:9.1.2:r185:*:*:*:*:*:*", "matchCriteriaId": "DAD39775-38AC-439A-96F4-7DAD9A2E1537", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p10:*:*:*:*:*:*", "matchCriteriaId": "AC62B752-36D4-4F2F-ACA0-4D693FC6315C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p13:*:*:*:*:*:*", "matchCriteriaId": "239431AD-427E-40C9-9DEA-F4B2B8734529", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p32:*:*:*:*:*:*", "matchCriteriaId": "40E8F365-0C9D-473F-A5F6-E05872B3A925", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p35:*:*:*:*:*:*", "matchCriteriaId": "597A3F8A-1538-4B71-8D4D-2966F49E023B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p45:*:*:*:*:*:*", "matchCriteriaId": "F2991483-7274-4FA9-AA96-7BD0C2715FCC", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p55:*:*:*:*:*:*", "matchCriteriaId": "23CA58A4-64A3-47B7-A4A0-8A6D9513A16C", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58:*:*:*:*:*:*", "matchCriteriaId": "22A27D18-8022-4B5C-9314-A087674C14A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p58s1:*:*:*:*:*:*", "matchCriteriaId": "C11B36AB-043E-4DE8-AFCC-92E3092C0E26", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p65:*:*:*:*:*:*", "matchCriteriaId": "39FEF22E-F568-40E6-8BBF-D52600DE082D", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p71:*:*:*:*:*:*", "matchCriteriaId": "1D9DF278-ECE1-4530-BCE4-95266340BE47", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.1.2:r60p82:*:*:*:*:*:*", "matchCriteriaId": "11649A08-A14B-46C8-97DB-9EB5FB7BF25B", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r10:*:*:*:*:*:*", "matchCriteriaId": "D23782A1-EA7E-4B22-8943-F69510673CBA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r25:*:*:*:*:*:*", "matchCriteriaId": "F7B5F773-EC27-475A-ADE3-E4A33D1DFA64", "vulnerable": true}, {"criteria": "cpe:2.3:o:fatpipeinc:mpvpn_firmware:10.2.2:r38:*:*:*:*:*:*", "matchCriteriaId": "60D7B24F-0075-4362-9F07-A0C55F07FA9F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:fatpipeinc:mpvpn:-:*:*:*:*:*:*:*", "matchCriteriaId": "11AA0180-8172-4021-AADF-7BAB1CA1BA96", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web del software FatPipe WARP, IPVPN y MPVPN anterior a las versiones 10.1.2r60p92 y 10.2.2r44p1 permite a un atacante remoto no autentificado cargar un archivo en cualquier ubicaci\u00f3n del sistema de archivos. El identificador del aviso de FatPipe para esta vulnerabilidad es FPSA006"}], "id": "CVE-2021-27860", "lastModified": "2025-10-24T14:13:36.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "cret@cert.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-12-08T17:15:10.800", "references": [{"source": "cret@cert.org", "tags": ["Vendor Advisory"], "url": "https://www.fatpipeinc.com/support/cve-list.php"}, {"source": "cret@cert.org", "tags": ["Exploit", "Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.fatpipeinc.com/support/cve-list.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Mitigation", "Third Party Advisory", "US Government Resource"], "url": "https://www.ic3.gov/Media/News/2021/211117-2.pdf"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-27860"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}