Loading
Generated remediation guidance and an executive summary. No account required.
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, unauthenticated attacker to download a configuration archive. The attacker needs to know or correctly guess the hostname of the target system since the hostname is used as part of the configuration archive file name. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA003.
Use CWE-862, Fatpipeinc vendor hub and Ipvpn Firmware product page to widen CVE-2021-27857 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2021-27860, CVE-2021-27856 and CVE-2021-27859 for nearby disclosures in the same product family.