JVNDB-2023-000069

Multiple vulnerabilities in SoftEther VPN and PacketiX VPN

Overview

SoftEther VPN, provided by the University of Tsukuba SoftEther VPN Project, and PacketiX VPN, provided by SoftEther Corporation, contain the multiple vulnerabilities listed below in the VPN Client function and in the Dynamic DNS Client function included in the VPN Server.
  • Heap-based buffer overflow (CWE-122) - CVE-2023-27395
  • Integer overflow or wraparound (CWE-190) - CVE-2023-22325
  • Exposure of resource to wrong sphere (CWE-668) - CVE-2023-32275
  • Improper access control (CWE-284) - CVE-2023-27516
  • Channel accessible by non-endpoint (CWE-300) - CVE-2023-32634
  • Use of uninitialized resource (CWE-908) - CVE-2023-31192
Lilith of Cisco Talos of Cisco Systems, Inc., United States of America reported these vulnerabilities to the developer and coordinated. The developer reported these vulnerabilities to IPA. JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
CVSS Severity

CVSS V3 Severity:
Base Metrics 8.1 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 5.1 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-27395


CVSS V3 Severity:
Base Metrics 5.9 (Medium) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High
CVSS V2 Severity:
Base Metrics 2.6 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-22325


CVSS V3 Severity:
Base Metrics 4.4 (Medium) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 1.5 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-32275


CVSS V3 Severity:
Base Metrics 7.0 (High) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: High
  • Integrity Impact: Low
  • Availability Impact: Low
CVSS V2 Severity:
Base Metrics 5.1 (Medium) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: None
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: Partial
The above CVSS base scores have been assigned for CVE-2023-27516


CVSS V3 Severity:
Base Metrics 3.9 (Low) [IPA Score]
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 3.0 (Low) [IPA Score]
  • Access Vector: Local
  • Access Complexity: Medium
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: Partial
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-32634


CVSS V3 Severity:
Base Metrics 3.1 (Low) [IPA Score]
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality Impact: Low
  • Integrity Impact: None
  • Availability Impact: None
CVSS V2 Severity:
Base Metrics 2.1 (Low) [IPA Score]
  • Access Vector: Network
  • Access Complexity: High
  • Authentication: Single
  • Confidentiality Impact: Partial
  • Integrity Impact: None
  • Availability Impact: None
The above CVSS base scores have been assigned for CVE-2023-31192
Affected Products


SoftEther Corporation
  • PacketiX VPN 4.41 Build 9787 RTM and earlier (Japan domestic sales only; CVE-2023-32275, CVE-2023-27516, CVE-2023-32634, CVE-2023-31192)
University of Tsukuba SoftEther VPN Project
  • SoftEther VPN 4.41 Build 9787 RTM and earlier (CVE-2023-27395, CVE-2023-22325, CVE-2023-32275, CVE-2023-27516, CVE-2023-32634, CVE-2023-31192)

Impact

  • An attacker capable of conducting man-in-the-middle attacks may cause a denial-of-service (DoS) condition or execute arbitrary code - CVE-2023-27395
  • An attacker capable of conducting man-in-the-middle attacks may cause an infinite loop due to an integer overflow, resulting in a denial-of-service (DoS) condition - CVE-2023-22325
  • An attacker authenticated as an administrator may obtain the starting address of a heap region - CVE-2023-32275
  • In the VPN Client, an attacker may make an administrative connection if the remote administration feature is accidentally enabled without the password being set - CVE-2023-27516
  • An attacker who can penetrate the computer on which the product is running may obtain and alter the communication between VPN Client Manager and VPN Client process - CVE-2023-32634
  • When a specially crafted packet is sent to the VPN Client from the connection destination VPN Server prepared by an attacker, the attacker may obtain an uninitialized stack space value in the VPN Client process - CVE-2023-31192
Solution

[Apply the Patch]
Apply the appropriate patch according to the information provided by the developer.

[Apply Workarounds]
Applying the workarounds may mitigate the impacts of these vulnerabilities.

For the details, refer to the information provided by the developer.
Vendor Information

University of Tsukuba SoftEther VPN Project
CWE

  1. Buffer Errors (CWE-119) [IPA Evaluation]
  2. Permissions (CWE-264) [IPA Evaluation]
  3. No Mapping (CWE-Other) [IPA Evaluation]
CVE

  1. CVE-2023-27395
  2. CVE-2023-22325
  3. CVE-2023-32275
  4. CVE-2023-27516
  5. CVE-2023-31192
  6. CVE-2023-32634
References

  1. JVN : JVN#64316789
Revision History

  • [2023/07/03]
      Web page was published