CVE-2023-32275

2023-10-1215:27:52

CWE-201

talos

www.cve.org

softether vpn

ctenumca()

information disclosure

vulnerability

network packets

sensitive information

attacker

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

7 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.2%

JSON

An information disclosure vulnerability exists in the CtEnumCa() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability.

CNA Affected

[
  {
    "vendor": "SoftEther VPN",
    "product": "SoftEther VPN",
    "versions": [
      {
        "version": "4.41-9782-beta",
        "status": "affected"
      },
      {
        "version": "5.01.9674",
        "status": "affected"
      }
    ]
  }
]