CVE-2023-27516

2023-10-1216:15:11

CWE-453

CWE-1188

[email protected]

web.nvd.nist.gov

authentication bypass

network packet

unauthorized access

network request

vulnerability

softether vpn

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.3

Confidence

High

EPSS

Percentile

9.0%

JSON

An authentication bypass vulnerability exists in the CiRpcAccepted() functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability.

Affected configurations

Nvd

Node

softethervpnMatch4.41-9782beta

softethervpnMatch5.01.9674

VendorProductVersionCPE
softethervpn4.41-9782cpe:2.3:a:softether:vpn:4.41-9782:beta:*:*:*:*:*:*
softethervpn5.01.9674cpe:2.3:a:softether:vpn:5.01.9674:*:*:*:*:*:*:*