CVE-2021-27856

CRITICAL EXPLOITED NUCLEI

FatPipe <10.1.2r60p91, 10.2.2r42 - Info Disclosure

Title source: llm

Exploitation Summary

CVE-2021-27856 has been observed exploited in the wild (reported by VulnCheck KEV). A Nuclei detection template is also available.

Description

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.

Nuclei Templates (1)

FatPipe WARP/IPVPN/MPVPN - Backdoor Account

CRITICALVERIFIEDby gy741

References (3)

Core 3

Core References

Third Party Advisory x_refsource_misc

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php

Vendor Advisory x_refsource_confirm

https://www.fatpipeinc.com/support/cve-list.php

Third Party Advisory x_refsource_misc

https://www.zeroscience.mk/codes/fatpipe_backdoor.txt

Scores

CVSS v3 9.8

EPSS 0.0560

EPSS Percentile 91.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-05-05

Status published

Products (10)

fatpipeinc/ipvpn_firmware 5.2.0 r34

fatpipeinc/ipvpn_firmware 6.1.2 r70p26 (3 CPE variants)

fatpipeinc/ipvpn_firmware 7.1.2 r39

fatpipeinc/ipvpn_firmware 9.1.2 r129 (17 CPE variants)

fatpipeinc/ipvpn_firmware 10.1.2 r60p10 (11 CPE variants)

fatpipeinc/ipvpn_firmware 10.2.2 r10 (3 CPE variants)

fatpipeinc/mpvpn_firmware 5.2.0 r34

fatpipeinc/mpvpn_firmware 6.1.2 r70p26 (3 CPE variants)

fatpipeinc/mpvpn_firmware 7.1.2 r39

fatpipeinc/mpvpn_firmware 9.1.2 r129 (9 CPE variants)

Published Dec 15, 2021

Tracked Since Feb 18, 2026