CVE-2021-27860

HIGH | CVSS 8.8/10 | Actively Exploited | EPSS 39.82%

CVE-2021-27860 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006. CISA has confirmed active exploitation in the wild. EPSS estimates a 39.82% chance of exploitation in the next 30 days.

Description

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability
39.82%

98.4th percentile

Probability of exploitation in the next 30 days.

Exploitation Status

This vulnerability is listed in CISA’s Known Exploited Vulnerabilities catalog, confirming active exploitation in the wild. Federal agencies must remediate by .

Weakness Enumeration

Affected Software

| Vendor | Product | Versions | Update |
|---|---|---|---|
| Fatpipeinc | Ipvpn Firmware | 5.2.0 | R34 |
| Fatpipeinc | Ipvpn Firmware | 6.1.2 | R70p26 |
| Fatpipeinc | Ipvpn Firmware | 7.1.2 | R39 |
| Fatpipeinc | Ipvpn Firmware | 9.1.2 | R129 |
| Fatpipeinc | Ipvpn Firmware | 10.1.2 | R60p10 |
| Fatpipeinc | Ipvpn Firmware | 10.2.2 | R10 |
| Fatpipeinc | Warp Firmware | 5.2.0 | R34 |
| Fatpipeinc | Warp Firmware | 6.1.2 | R70p26 |
| Fatpipeinc | Warp Firmware | 7.1.2 | R39 |
| Fatpipeinc | Warp Firmware | 9.1.2 | R129 |
| Fatpipeinc | Warp Firmware | 10.1.2 | R60p10 |
| Fatpipeinc | Warp Firmware | 10.2.2 | R10 |
| Fatpipeinc | Mpvpn Firmware | 5.2.0 | R34 |
| Fatpipeinc | Mpvpn Firmware | 6.1.2 | R70p26 |
| Fatpipeinc | Mpvpn Firmware | 7.1.2 | R39 |
| Fatpipeinc | Mpvpn Firmware | 9.1.2 | R129 |
| Fatpipeinc | Mpvpn Firmware | 10.1.2 | R60p10 |
| Fatpipeinc | Mpvpn Firmware | 10.2.2 | R10 |

References

Timeline

Status: Analyzed

Frequently Asked Questions

What is CVE-2021-27860?
A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p92 and 10.2.2r44p1 allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. The FatPipe advisory identifier for this vulnerability is FPSA006.
How severe is CVE-2021-27860?
CVE-2021-27860 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 39.82% probability of exploitation in the next 30 days. This vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.
How do I fix CVE-2021-27860?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST