Japan Vulnerability NotesJVN:64316789JVN#64316789: Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
41.4%
SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server.
Heap-based buffer overflow (CWE-122) - CVE-2023-27395
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H | Base Score: 8.1 |
| CVSS v2 | AV:N/AC:H/Au:N/C:P/I:P/A:P | Base Score: 5.1 |
Integer overflow or wraparound (CWE-190) - CVE-2023-22325
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H | Base Score: 5.9 |
| CVSS v2 | AV:N/AC:H/Au:N/C:N/I:N/A:P | Base Score: 2.6 |
Exposure of resource to wrong sphere (CWE-668) - CVE-2023-32275
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N | Base Score: 4.4 |
| CVSS v2 | AV:L/AC:M/Au:S/C:P/I:N/A:N | Base Score: 1.5 |
Improper access control (CWE-284) - CVE-2023-27516
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L | Base Score: 7.0 |
| CVSS v2 | AV:N/AC:H/Au:N/C:P/I:P/A:P | Base Score: 5.1 |
Channel accessible by non-endpoint (CWE-300) - CVE-2023-32634
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N | Base Score: 3.9 |
| CVSS v2 | AV:L/AC:M/Au:S/C:P/I:P/A:N | Base Score: 3.0 |
Use of uninitialized resource (CWE-908) - CVE-2023-31192
| Version | Vector | Score |
|---|---|---|
| CVSS v3 | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N | Base Score: 3.1 |
| CVSS v2 | AV:N/AC:H/Au:S/C:P/I:N/A:N | Base Score: 2.1 |
Impact
- An attacker capable of conducting man-in-the-middle attacks may cause a denial-of-service (DoS) condition or execute an arbitrary code - CVE-2023-27395
- An attacker capable of conducting man-in-the-middle attacks may cause an infinite loop due to an integer overflow, resulting in a denial of service (DoS) condition - CVE-2023-22325
- An attacker authenticated as an administrator may obtain the starting address of a heap region - CVE-2023-32275
- In the VPN Client, an attacker may make an administrative connection if the remote administration feature is accidentally enabled without the password being set - CVE-2023-27516
- An attacker who can penetrate the computer on which the product is running may obtain and alter the communication between VPN Client Manager and VPN Client process - CVE-2023-32634
- When a specially crafted packet is sent to the VPN Client from the connection destination VPN Server prepared by an attacker, the attacker may obtain an uninitialized stack space value in the VPN Client process - CVE-2023-31192
Solution
Apply the Patch
Apply the appropriate patch according to the information provided by the developer.
Apply Workarounds
Applying the workarounds may mitigate the impacts of these vulnerabilities.
For the details, refer to the information provided by the developer.
Products Affected
CVE-2023-27395, CVE-2023-22325
-
SoftEther VPN 4.41 Build 9787 RTM and earlier
CVE-2023-32275, CVE-2023-27516, CVE-2023-32634, CVE-2023-31192 -
SoftEther VPN 4.41 Build 9787 RTM and earlier
-
Product version PacketiX VPN 4.41 Build 9787 RTM and earlier (Japan domestic sales only)
Related
9 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
41.4%