Multiple vulnerabilities in SoftEther VPN



Published: 2023-07-03
Risk: High
Patch available: YES
Number of vulnerabilities: 6
CVE-ID: CVE-2023-27395, CVE-2023-22325, CVE-2023-32275, CVE-2023-27516, CVE-2023-32634, CVE-2023-31192
CWE-ID: CWE-122, CWE-190, CWE-668, CWE-284, CWE-300, CWE-908
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: SoftEther VPN (Server applications / Remote access servers, VPN)
Vendor: SoftEther VPN Project

Security Bulletin

This security bulletin contains information about 6 vulnerabilities.

1) Heap-based buffer overflow

EUVDB-ID: #VU77842

Risk: High

CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27395

CWE-ID: CWE-122 - Heap-based Buffer Overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the DDNS client functionality. A remote attacker can perform a man-in-the-middle attack, trigger a heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SoftEther VPN: 4.41 9787

External links

http://jvn.jp/en/jp/JVN64316789/index.html
http://www.softether.org/9-about/News/904-SEVPN202301


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Integer overflow

EUVDB-ID: #VU77843

Risk: Medium

CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-22325

CWE-ID: CWE-190 - Integer overflow

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an integer overflow in the dynamic DNS (DDNS) client function. A remote attacker can perform a man-in-the-middle attack, trigger an integer overflow and cause a denial of service condition on the target system.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SoftEther VPN: 4.41 9787

External links

http://jvn.jp/en/jp/JVN64316789/index.html
http://www.softether.org/9-about/News/904-SEVPN202301


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Exposure of Resource to Wrong Sphere

EUVDB-ID: #VU77844

Risk: Low

CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32275

CWE-ID: CWE-668 - Exposure of resource to wrong sphere

Exploit availability: No

Description

The vulnerability allows a local user to compromise the system.

The vulnerability exists due to exposure of a resource to the wrong sphere. A local administrator can obtain the starting address of a heap region.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SoftEther VPN: 4.41 9787

External links

http://jvn.jp/en/jp/JVN64316789/index.html
http://www.softether.org/9-about/News/904-SEVPN202301


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

The attacker would have to log in to the system and perform certain actions in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper access control

EUVDB-ID: #VU77847

Risk: Medium

CVSSv3.1: 6.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-27516

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote attacker can make an administrative connection if the remote administration feature is accidentally enabled without the password being set.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SoftEther VPN: 4.41 9787

External links

http://jvn.jp/en/jp/JVN64316789/index.html
http://www.softether.org/9-about/News/904-SEVPN202301


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Man-in-the-Middle (MitM) attack

EUVDB-ID: #VU77848

Risk: Medium

CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-32634

CWE-ID: CWE-300 - Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to the use of insecure protocols. A remote attacker can perform a man-in-the-middle attack on communication between the administrator and the VPN Client process.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SoftEther VPN: 4.41 9787

External links

http://jvn.jp/en/jp/JVN64316789/index.html
http://www.softether.org/9-about/News/904-SEVPN202301


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use of uninitialized resource

EUVDB-ID: #VU77849

Risk: Medium

CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-31192

CWE-ID: CWE-908 - Use of Uninitialized Resource

Exploit availability: No

Description

The vulnerability allows a remote attacker to bypass certain security restrictions.

The vulnerability exists due to the use of uninitialized resources. A remote user can send a specially crafted packet to the VPN Client, trigger the use of an uninitialized resource and obtain an uninitialized stack space value in the VPN Client process.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

SoftEther VPN: 4.41 9787

External links

http://jvn.jp/en/jp/JVN64316789/index.html
http://www.softether.org/9-about/News/904-SEVPN202301


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

How can the attacker exploit this vulnerability?

The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


