CVE-2021-27860

high

Description

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

References

https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a

https://fortifydata.com/blog/cve-2019-1653-cve-2019-1652-cve-2021-40539-cve-2021-27860-volt-typhoon/

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-144a

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://www.ic3.gov/Media/News/2021/211117-2.pdf

https://www.tenable.com/blog/volt-typhoon-cybersecurity-advisory

https://www.fatpipeinc.com/support/cve-list.php

Details

Source: Mitre, NVD

Published: 2021-12-08

Updated: 2025-04-02

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.42124