exploitDog

CVE-2023-31192

Опубликовано: 12 окт. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768
Exploit
Third Party Advisory
https://www.softether.org/9-about/News/904-SEVPN202301
Patch
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768
Exploit
Third Party Advisory
https://www.softether.org/9-about/News/904-SEVPN202301
Patch
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1768

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*

EPSS

Процентиль: 60%

0.00402

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-457

CWE-908

Связанные уязвимости

GHSA-jqqc-vv26-h55v

CVSS3: 5.3

github

больше 2 лет назад

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

EPSS

Процентиль: 60%

0.00402

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-457

CWE-908