CVE-2024-38520 (GCVE-0-2024-38520)
Vulnerability from cvelistv5 – Published: 2024-06-26 18:59 – Updated: 2024-08-02 04:12
VLAI?
Title
SoftEther VPN with L2TP - 2.75x Amplification
Summary
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.
Severity ?
5.3 (Medium)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SoftEtherVPN | SoftEtherVPN |
Affected:
<= 5.02.5183
|
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vpn",
"vendor": "softether",
"versions": [
{
"status": "affected",
"version": "5.02.5185"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38520",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:51:29.981598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:53:01.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SoftEtherVPN",
"vendor": "SoftEtherVPN",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.02.5183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T15:16:05.881Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185"
}
],
"source": {
"advisory": "GHSA-j35p-p8pj-vqxq",
"discovery": "UNKNOWN"
},
"title": "SoftEther VPN with L2TP - 2.75x Amplification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38520",
"datePublished": "2024-06-26T18:59:25.088Z",
"dateReserved": "2024-06-18T16:37:02.728Z",
"dateUpdated": "2024-08-02T04:12:25.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\\n\"}, {\"lang\": \"es\", \"value\": \" SoftEtherVPN es un programa VPN multiprotocolo, multiplataforma y de c\\u00f3digo abierto. Cuando SoftEtherVPN se implementa con L2TP habilitado en un dispositivo, presenta la posibilidad de que el host se utilice para la generaci\\u00f3n de tr\\u00e1fico de amplificaci\\u00f3n/reflexi\\u00f3n porque responder\\u00e1 a cada paquete con dos paquetes de respuesta que son m\\u00e1s grandes que el tama\\u00f1o del paquete de solicitud. Este tipo de t\\u00e9cnicas son utilizadas por actores externos que generan IP de origen falsificadas para apuntar a un destino en Internet. Esta vulnerabilidad ha sido parcheada en la versi\\u00f3n 5.02.5185.\"}]",
"id": "CVE-2024-38520",
"lastModified": "2024-11-21T09:26:09.807",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"baseScore\": 5.3, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 1.4}]}",
"published": "2024-06-26T19:15:13.890",
"references": "[{\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-38520\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-06-26T19:15:13.890\",\"lastModified\":\"2024-11-21T09:26:09.807\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\\n\"},{\"lang\":\"es\",\"value\":\" SoftEtherVPN es un programa VPN multiprotocolo, multiplataforma y de c\u00f3digo abierto. Cuando SoftEtherVPN se implementa con L2TP habilitado en un dispositivo, presenta la posibilidad de que el host se utilice para la generaci\u00f3n de tr\u00e1fico de amplificaci\u00f3n/reflexi\u00f3n porque responder\u00e1 a cada paquete con dos paquetes de respuesta que son m\u00e1s grandes que el tama\u00f1o del paquete de solicitud. Este tipo de t\u00e9cnicas son utilizadas por actores externos que generan IP de origen falsificadas para apuntar a un destino en Internet. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 5.02.5185.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\",\"baseScore\":5.3,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"references\":[{\"url\":\"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\", \"name\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\", \"name\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\", \"name\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:12:25.267Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-38520\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-26T20:51:29.981598Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*\"], \"vendor\": \"softether\", \"product\": \"vpn\", \"versions\": [{\"status\": \"affected\", \"version\": \"5.02.5185\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-06-26T20:51:36.398Z\"}}], \"cna\": {\"title\": \"SoftEther VPN with L2TP - 2.75x Amplification\", \"source\": {\"advisory\": \"GHSA-j35p-p8pj-vqxq\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 5.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"SoftEtherVPN\", \"product\": \"SoftEtherVPN\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003c= 5.02.5183\"}]}], \"references\": [{\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\", \"name\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\", \"name\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\", \"name\": \"https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-400\", \"description\": \"CWE-400: Uncontrolled Resource Consumption\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-02T15:16:05.881Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-38520\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T04:12:25.267Z\", \"dateReserved\": \"2024-06-18T16:37:02.728Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-06-26T18:59:25.088Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…