PT-2023-20294 · Softether · Softether Vpn

Lilith >_>

Published

2023-10-12

Updated

2023-10-18

CVE-2023-25774

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions SoftEther VPN version 5.02

Description A denial-of-service issue exists in the ConnectionAccept() functionality of the vpnserver. It can be triggered by a set of specially crafted network connections, allowing an attacker to send malicious packets and cause a denial of service.

Recommendations For SoftEther VPN version 5.02, consider disabling the ConnectionAccept() function temporarily until a patch is available to prevent potential exploitation. Restrict access to the vpnserver to minimize the risk of denial of service.

Exploit

Fix

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2023-25774

Affected Products

Softether Vpn

PT-2023-20294 · Softether · Softether Vpn

CVE-2023-25774

Weakness Enumeration

Related Identifiers

Affected Products

References · 5