PT-2019-12529 · Softether · See.Sys+1
Downwithup
·
Publicado
2019-07-29
·
Atualizado
2021-08-27
·
CVE-2019-11868
CVSS v3.1
7.8
Alta
| Vetor | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SoftEther VPN Server versions up to 4.29
See.sys up to version 4.25
Description
The issue allows a user to call an IOCTL, specifying any kernel address to which arbitrary bytes are written. This can potentially lead to unauthorized access and modification of kernel memory.
Recommendations
For SoftEther VPN Server versions up to 4.29, update See.sys to a version newer than 4.25 to resolve the issue.
For See.sys up to version 4.25, consider restricting access to the IOCTL function until a patch is available.
Correção
Memory Corruption
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
See.Sys
Softether Vpn Server