CVE-2024-38520 - OpenCVE

Link	Providers
https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764
https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185
https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38520", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-18T16:37:02.728Z", "datePublished": "2024-06-26T18:59:25.088Z", "dateUpdated": "2024-08-02T04:12:25.267Z"}, "containers": {"cna": {"title": "SoftEther VPN with L2TP - 2.75x Amplification", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "lang": "en", "description": "CWE-400: Uncontrolled Resource Consumption", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}}], "references": [{"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq"}, {"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764", "tags": ["x_refsource_MISC"], "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764"}, {"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185", "tags": ["x_refsource_MISC"], "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185"}], "affected": [{"vendor": "SoftEtherVPN", "product": "SoftEtherVPN", "versions": [{"version": "<= 5.02.5183", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-02T15:16:05.881Z"}, "descriptions": [{"lang": "en", "value": "SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\n"}], "source": {"advisory": "GHSA-j35p-p8pj-vqxq", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "softether", "product": "vpn", "cpes": ["cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "5.02.5185", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-26T20:51:29.981598Z", "id": "CVE-2024-38520", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:53:01.101Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.267Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq"}, {"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764"}, {"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq", "name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764", "name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185", "name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:12:25.267Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-38520", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-26T20:51:29.981598Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*"], "vendor": "softether", "product": "vpn", "versions": [{"status": "affected", "version": "5.02.5185"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-26T20:51:36.398Z"}}], "cna": {"title": "SoftEther VPN with L2TP - 2.75x Amplification", "source": {"advisory": "GHSA-j35p-p8pj-vqxq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "SoftEtherVPN", "product": "SoftEtherVPN", "versions": [{"status": "affected", "version": "<= 5.02.5183"}]}], "references": [{"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq", "name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764", "name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185", "name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-07-02T15:16:05.881Z"}}}, "cveMetadata": {"cveId": "CVE-2024-38520", "state": "PUBLISHED", "dateUpdated": "2024-08-02T04:12:25.267Z", "dateReserved": "2024-06-18T16:37:02.728Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-26T18:59:25.088Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\n"}, {"lang": "es", "value": " SoftEtherVPN es un programa VPN multiprotocolo, multiplataforma y de c\u00f3digo abierto. Cuando SoftEtherVPN se implementa con L2TP habilitado en un dispositivo, presenta la posibilidad de que el host se utilice para la generaci\u00f3n de tr\u00e1fico de amplificaci\u00f3n/reflexi\u00f3n porque responder\u00e1 a cada paquete con dos paquetes de respuesta que son m\u00e1s grandes que el tama\u00f1o del paquete de solicitud. Este tipo de t\u00e9cnicas son utilizadas por actores externos que generan IP de origen falsificadas para apuntar a un destino en Internet. Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 5.02.5185."}], "id": "CVE-2024-38520", "lastModified": "2024-07-02T16:15:04.517", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-26T19:15:13.890", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764"}, {"source": "security-advisories@github.com", "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185"}, {"source": "security-advisories@github.com", "url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object