Back to KEVs

CVE-2021-27855

FatPipe software allows privilege escalation

Basic Information

CVE State
PUBLISHED
Reserved Date
March 01, 2021
Published Date
December 15, 2021
Last Updated
September 17, 2024
Vendor
FatPipe
Product
WARP, IPVPN, MPVPN
Description
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a remote, authenticated attacker with read-only privileges to grant themselves administrative privileges. Older versions of FatPipe software may also be vulnerable. The FatPipe advisory identifier for this vulnerability is FPSA001.

CVSS Scores

CVSS v3.1

8.8 - HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploit Status

Exploited in the Wild
Yes (2025-10-14 00:00:00 UTC) Source

References

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5685.php https://www.fatpipeinc.com/support/cve-list.php https://www.zeroscience.mk/codes/fatpipe_privesc.txt

Known Exploited Vulnerability Information

Source Added Date
The Shadowserver (via CIRCL) 2025-10-14 00:00:00 UTC

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel