CVE-2023-32275 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
talos	CNA	5.5 MEDIUM	LOCAL	LOW	LOW	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 17%

Vendor	Product	Version
softether	vpn	4.41-9782:beta
softether	vpn	5.01.9674

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-201 - Insertion of Sensitive Information Into Sent Data
The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
CWE-668 - Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753

https://www.softether.org/9-about/News/904-SEVPN202301

https://talosintelligence.com/vulnerability_reports/TALOS-2023-1753

https://www.softether.org/9-about/News/904-SEVPN202301