What is CVE-2021-27856?

CVE-2021-27856 is a critical-severity vulnerability in Fatpipe Ipvpn. CVSS score: 9.8/10. Published 2021-12-15.

How severe is CVE-2021-27856?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2021-27856 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Fatpipe Ipvpn

CVE-2021-27856

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an account named "cmuser" that has administrative privileges and no password. Older versions of FatPipe software may also be vulnerable. The FatP…

EPSS: 0.709 (98.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Fatpipe Ipvpn — versions 10.1, 10.2
Fatpipe Mpvpn — versions 10.1, 10.2
Fatpipe Warp — versions 10.1, 10.2

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5684.php (x_refsource_MISC)
www.fatpipeinc.com/support/cve-list.php (x_refsource_CONFIRM)
www.zeroscience.mk/codes/fatpipe_backdoor.txt (x_refsource_MISC)

Frequently asked questions

What is CVE-2021-27856?: CVE-2021-27856 is a critical-severity vulnerability in Fatpipe Ipvpn. CVSS score: 9.8/10. Published 2021-12-15.
How severe is CVE-2021-27856?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2021-27856 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.