CVE-2021-27859
📋 TL;DR
This vulnerability allows authenticated users with read-only privileges in FatPipe WARP, IPVPN, and MPVPN software to create administrative accounts, effectively escalating their privileges. Attackers with any authenticated access can gain full administrative control of the affected FatPipe devices. Organizations using vulnerable versions of FatPipe networking software are affected.
💻 Affected Systems
- FatPipe WARP
- FatPipe IPVPN
- FatPipe MPVPN
📦 What is this software?
Ipvpn Firmware by Fatpipeinc
Mpvpn Firmware by Fatpipeinc
Warp Firmware by Fatpipeinc
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of FatPipe device with administrative control, enabling network traffic interception, configuration changes, and potential lateral movement into connected networks.
Likely Case
Privilege escalation from low-privilege authenticated user to administrative control, allowing unauthorized configuration changes and network access.
If Mitigated
Limited impact if proper access controls and network segmentation prevent unauthorized users from accessing the management interface.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once authentication is achieved. Public proof-of-concept code exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 10.1.2r60p91 and 10.2.2r42
Vendor Advisory: https://www.fatpipeinc.com/support/cve-list.php
Restart Required: Yes
Instructions:
1. Download the patched version from the FatPipe support portal.
2. Back up the current configuration.
3. Apply the firmware update.
4. Restart the device.
5. Verify the update was successful.
🔧 Temporary Workarounds
Restrict Management Interface Access
Limit access to the web management interface to trusted IP addresses only.
Remove Unnecessary Accounts
Review and remove all non-essential user accounts, especially those with read-only privileges.
🧯 If You Can't Patch
- Implement strict network segmentation to isolate FatPipe devices from untrusted networks
- Enable multi-factor authentication for all administrative accounts if supported
🔍 How to Verify
Check if Vulnerable:
Check the firmware version in the FatPipe web interface under System > Status > Version Information
Check Version:
Login to web interface and navigate to System > Status > Version Information
Verify Fix Applied:
Verify the firmware version is 10.1.2r60p91 or 10.2.2r42 or later, and test that read-only users cannot create administrative accounts
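The version check above has an edge case worth automating: the two fixed releases belong to different branches, so a 10.2.x build that is numerically higher than 10.1.2r60p91 can still be unpatched unless it is at least 10.2.2r42. The following is an added example, not tooling from FatPipe or from this advisory; it assumes the version string layout `major.minor.patch[rN][pN]` seen in the fixed versions listed here, with `r` and `p` compared numerically, and treats branches other than 10.1 and 10.2 as unknown rather than guessing.

```python
"""Branch-aware check of a FatPipe firmware version string against the
fixed versions named in the advisory (10.1.2r60p91 and 10.2.2r42).
Added example; the version grammar below is an assumption, not vendor-documented."""
import re
from typing import Optional, Tuple

# Fixed versions from the advisory, keyed by release branch.
FIXED_VERSIONS = {
    "10.1": "10.1.2r60p91",
    "10.2": "10.2.2r42",
}

# Assumed layout: major.minor.patch, optional "r<build>", optional "p<hotfix>".
VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:r(\d+))?(?:p(\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    """Turn '10.1.2r60p91' into a comparable tuple; missing r/p count as 0."""
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised FatPipe version string: {text!r}")
    return tuple(int(g) if g is not None else 0 for g in m.groups())  # type: ignore[return-value]


def release_branch(text: str) -> str:
    """'10.2.1r50' -> '10.2' (major.minor identifies the maintenance branch)."""
    major, minor, *_ = parse_version(text)
    return f"{major}.{minor}"


def is_vulnerable(text: str) -> Optional[bool]:
    """True if older than the fix for its branch, False if at or past it,
    None if the branch is not one the advisory names (check the vendor list)."""
    branch = release_branch(text)
    fixed = FIXED_VERSIONS.get(branch)
    if fixed is None:
        return None
    return parse_version(text) < parse_version(fixed)


if __name__ == "__main__":
    # Constructed inventory of version strings, not real device data.
    for v in ["10.1.2r60p90", "10.1.2r60p91", "10.2.1r50", "10.2.2r42", "10.2.2r43", "9.5.1"]:
        print(f"{v:>14}: {is_vulnerable(v)}")
```

Use the `None` result as a prompt to consult the vendor CVE list linked above rather than as a clean bill of health; a branch the advisory does not mention cannot be judged from this page alone.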
📡 Detection & Monitoring
Log Indicators:
- Unexpected user account creation events
- Privilege escalation attempts
- Administrative actions from non-admin users
Network Indicators:
- Unusual HTTP POST requests to user management endpoints from read-only accounts
SIEM Query:
source="fatpipe_logs" AND (event_type="user_create" OR event_type="privilege_change") AND user_role="read-only"
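The SIEM query above encodes the core detection: account-creation or privilege-change events attributed to a read-only role. As an added example (not part of this advisory and not FatPipe's own log format), the following Python applies the same logic offline to a handful of constructed key=value log lines, and additionally flags the indicator "administrative actions from non-admin users" by checking whether a non-admin actor created or promoted an admin-role account. The field names `ts`, `user`, `user_role`, `target` and `target_role` are assumptions; map them to the real event schema before deploying.

```python
"""Offline detection of read-only users creating accounts or changing privileges.
Added example; log layout and field names are constructed assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Matches key="quoted value" or key=bare-value pairs; assumed log layout.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"|(\w+)=(\S+)')

# Values taken from the SIEM query on this page.
SENSITIVE_EVENTS = {"user_create", "privilege_change"}
LOW_PRIV_ROLES = {"read-only"}
ADMIN_ROLE = "admin"

# Constructed sample log lines (not real device output).
SAMPLE_LOGS = [
    'ts=2021-03-01T10:00:01Z source="fatpipe_logs" event_type="login" user="ops-viewer" user_role="read-only" src_ip=10.0.5.23',
    'ts=2021-03-01T10:00:07Z source="fatpipe_logs" event_type="user_create" user="ops-viewer" user_role="read-only" target="svc-backup" target_role="admin" src_ip=10.0.5.23',
    'ts=2021-03-01T10:02:13Z source="fatpipe_logs" event_type="user_create" user="netadmin" user_role="admin" target="jsmith" target_role="read-only" src_ip=10.0.1.2',
    'ts=2021-03-01T10:05:44Z source="fatpipe_logs" event_type="privilege_change" user="ops-viewer" user_role="read-only" target="ops-viewer" target_role="admin" src_ip=10.0.5.23',
    'ts=2021-03-01T10:06:00Z source="fatpipe_logs" event_type="config_view" user="ops-viewer" user_role="read-only" src_ip=10.0.5.23',
    "malformed line with no fields at all",
]


@dataclass
class Alert:
    timestamp: str
    user: str
    user_role: str
    event_type: str
    target: Optional[str]
    reason: str


def parse_line(line: str) -> Dict[str, str]:
    """Parse one key=value line into a dict; returns {} for unparseable input."""
    fields: Dict[str, str] = {}
    for m in FIELD_RE.finditer(line):
        key = m.group(1) or m.group(3)
        value = m.group(2) if m.group(2) is not None else m.group(4)
        fields[key] = value
    return fields


def detect(lines: List[str]) -> List[Alert]:
    """Return an Alert for every sensitive event performed by a read-only role,
    and for any non-admin actor that creates or promotes an admin account."""
    alerts: List[Alert] = []
    for line in lines:
        f = parse_line(line)
        event = f.get("event_type")
        if not event or event not in SENSITIVE_EVENTS:
            continue  # skip malformed lines and routine events
        role = f.get("user_role", "")
        if role in LOW_PRIV_ROLES:
            reason = "sensitive action by read-only role"
        elif role != ADMIN_ROLE and f.get("target_role") == ADMIN_ROLE:
            reason = "admin account created/promoted by non-admin actor"
        else:
            continue
        alerts.append(Alert(f.get("ts", "?"), f.get("user", "?"), role, event,
                            f.get("target"), reason))
    return alerts


def actors(alerts: List[Alert]) -> List[str]:
    """Distinct actor names across alerts, in first-seen order, for triage."""
    seen: List[str] = []
    for a in alerts:
        if a.user not in seen:
            seen.append(a.user)
    return seen


if __name__ == "__main__":
    for a in detect(SAMPLE_LOGS):
        print(f"{a.timestamp} {a.user} ({a.user_role}) {a.event_type} -> {a.target}: {a.reason}")
```

The second rule is deliberately independent of the role name: if a device reports roles other than `read-only` for limited accounts, an admin-role target created by anyone who is not already admin still raises an alert.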
🔗 References
- https://www.fatpipeinc.com/support/cve-list.php
- https://www.zeroscience.mk/codes/fatpipe_csrf.txt
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5681.php