Vulnerability Details CVE-2019-11868
See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 33.4%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 4.6
References
- https://downwithup.github.io/CVEPosts
- https://github.com/SoftEtherVPN/SoftEtherVPN/tree/master/src/See
- https://www.softether.org/9-about/News/900-SEVPN201901
- https://downwithup.github.io/CVEPosts
- https://github.com/SoftEtherVPN/SoftEtherVPN/tree/master/src/See
- https://www.softether.org/9-about/News/900-SEVPN201901