CVE-2023-27516

2023-10-1215:27:52

CWE-453

talos

www.cve.org

authentication bypass

softether vpn

vulnerability

network packet

unauthorized access

attacker

CVSS3

7.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

AI Score

8.8

Confidence

High

EPSS

Percentile

9.0%

JSON

An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "SoftEther VPN",
    "product": "SoftEther VPN",
    "versions": [
      {
        "version": "4.41-9782-beta",
        "status": "affected"
      },
      {
        "version": "5.01.9674",
        "status": "affected"
      }
    ]
  }
]