CVE-2023-31192

Severity Score

5.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track*

*SSVC

Descriptions

An information disclosure vulnerability exists in the ClientConnect() functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Existe una vulnerabilidad de divulgación de información en la funcionalidad ClientConnect() de SoftEther VPN 5.01.9674. Un paquete de red especialmente manipulado puede dar lugar a la divulgación de información confidencial. Un atacante puede realizar un ataque de intermediario para desencadenar esta vulnerabilidad.

*Credits: Discovered by Lilith >_> of Cisco Talos.

CVSS Scores

NISTv3.1 5.3

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:Track*

Exploitation

Poc

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-06-12 CVE Reserved
2023-10-12 CVE Published
2024-09-17 CVE Updated
2024-09-17 First Exploit
2024-10-18 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-457: Use of Uninitialized Variable
CWE-908: Use of Uninitialized Resource

CAPEC

References (2)

URL	Tag	Source

URL	Date	SRC
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1768	2024-09-17

URL	Date	SRC
https://www.softether.org/9-about/News/904-SEVPN202301	2023-10-18

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Softether Search vendor "Softether"		Vpn Search vendor "Softether" for product "Vpn"				5.01.9674 Search vendor "Softether" for product "Vpn" and version "5.01.9674"		-		Affected