Cyber Resilience

CVE-2021-27856

Critical

Published: 15 December 2021
Modified: 21 November 2024
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.7089 (98.7th percentile)
Risk Priority: 62 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-27856 is a critical-severity vulnerability, with an unspecified weakness type, in FatPipe IPVPN firmware. Its CVSS base score is 9.8 (Critical).

Operationally, it is ranked in the top 1.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA002.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

fatpipeinc ipvpn firmware: 10.1.2, 10.2.2, 5.2.0, 6.1.2, 7.1.2
fatpipeinc mpvpn firmware: 10.1.2, 10.2.2, 5.2.0, 6.1.2, 7.1.2
fatpipeinc warp firmware: 10.1.2, 10.2.2, 5.2.0, 6.1.2, 7.1.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References