Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SoftEther VPN with L2TP - 2.75x Amplification
Vulnerability Description
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
SoftEther VPN 安全漏洞
Vulnerability Description
SoftEther VPN是一款开源的跨平台多协议VPN(虚拟专用网络)应用程序。 SoftEther VPN 5.02.5185 版本之前存在安全漏洞,该漏洞源于当在设备上启用 L2TP 部署 SoftEtherVPN 时,会使用两个大于请求数据包大小的响应数据包来响应每个数据包。
CVSS Information
N/A
Vulnerability Type
N/A