CVE-2023-27516

2023-10-1216:15:11

CWE-1188

CWE-453

[email protected]

web.nvd.nist.gov

cve-2023-27516

authentication bypass

softether vpn

vulnerability

network packet

unauthorized access

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.

Affected configurations

Vulners

NVD

Node

softethervpnRange≤4.41-9782-beta

softethervpnRange≤5.01.9674

CPENameOperatorVersion
softether:vpnsoftether vpneq4.41-9782
softether:vpnsoftether vpneq5.01.9674

CPE	Name	Operator	Version
softether:vpn	softether vpn	eq	4.41-9782
softether:vpn	softether vpn	eq	5.01.9674

CNA Affected

[
  {
    "vendor": "SoftEther VPN",
    "product": "SoftEther VPN",
    "versions": [
      {
        "version": "4.41-9782-beta",
        "status": "affected"
      },
      {
        "version": "5.01.9674",
        "status": "affected"
      }
    ]
  }
]