Описание
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.
Ссылки
- ExploitThird Party Advisory
- PatchVendor Advisory
- ExploitThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*
cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*
EPSS
Процентиль: 16%
0.0005
Низкий
7.3 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-453
CWE-1188
Связанные уязвимости
CVSS3: 7.3
github
больше 2 лет назад
An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.
EPSS
Процентиль: 16%
0.0005
Низкий
7.3 High
CVSS3
7.8 High
CVSS3
Дефекты
CWE-453
CWE-1188