CVE-2023-32634

Опубликовано: 12 окт. 2023

Источник: nvd

CVSS3: 7.8

CVSS3: 7.4

EPSS Низкий

Описание

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.

Ссылки

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755
Exploit
Third Party Advisory
https://www.softether.org/9-about/News/904-SEVPN202301
Patch
Vendor Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1755
Exploit
Third Party Advisory
https://www.softether.org/9-about/News/904-SEVPN202301
Patch
Vendor Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1755

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*

cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00033

Низкий

7.8 High

CVSS3

7.4 High

CVSS3

Дефекты

CWE-300

NVD-CWE-Other

Связанные уязвимости

GHSA-q5mg-3r24-hvx2

CVSS3: 7.8

github

больше 2 лет назад

EPSS

Процентиль: 9%

0.00033

Низкий

7.8 High

CVSS3

7.4 High

CVSS3

Дефекты

CWE-300

NVD-CWE-Other