CVE-2023-32634

Summary

An authentication bypass vulnerability exists in the CiRpcServerThread() functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta. An attacker can perform a local man-in-the-middle attack to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
SoftEther VPNSoftEther VPN4.41-9782-betaaffected
SoftEther VPNSoftEther VPN5.01.9674affected

Weaknesses

  • CWE-300: CWE-300: Channel Accessible by Non-Endpoint ('Man-in-the-Middle')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References