CVE-2021-27855
HIGH EXPLOITEDFatPipe <10.1.2r60p91 and 10.2.2r42 - Privilege Escalation
Title source: llmExploitation Summary
CVE-2021-27855 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.
References (3)
Core 3
Core References
Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php
Vendor Advisory x_refsource_confirm
https://www.fatpipeinc.com/support/cve-list.php
Third Party Advisory x_refsource_misc
https://www.zeroscience.mk/codes/fatpipe_privesc.txt
Scores
CVSS v3
8.8
EPSS
0.0160
EPSS Percentile
72.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2023-12-02
CWE
CWE-862
Status
published
Products (10)
fatpipeinc/ipvpn_firmware
5.2.0 r34
fatpipeinc/ipvpn_firmware
6.1.2 r70p26 (3 CPE variants)
fatpipeinc/ipvpn_firmware
7.1.2 r39
fatpipeinc/ipvpn_firmware
9.1.2 r129 (17 CPE variants)
fatpipeinc/ipvpn_firmware
10.1.2 r60p10 (11 CPE variants)
fatpipeinc/ipvpn_firmware
10.2.2 r10 (3 CPE variants)
fatpipeinc/mpvpn_firmware
5.2.0 r34
fatpipeinc/mpvpn_firmware
6.1.2 r70p26 (3 CPE variants)
fatpipeinc/mpvpn_firmware
7.1.2 r39
fatpipeinc/mpvpn_firmware
9.1.2 r129 (9 CPE variants)
Published
Dec 15, 2021
Tracked Since
Feb 18, 2026