CVE-2023-32634

High

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An…

talos·CWE-300·Published 2023-10-12

CVSS

7.4

EPSS

0.00

KEV

Exploits

cve.orgen

221 chars

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.

NVDen

221 chars

NVDes

237 chars

Existe una vulnerabilidad de omisión de autenticación en la funcionalidad CiRpcServerThread() de SoftEther VPN 5.01.9674 y 4.41-9782-beta. Un atacante puede realizar un ataque de intermediario local para desencadenar esta vulnerabilidad.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.1	Primary	cve.org	7.8	—	—	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H