Vulnerabilities > CVE-2019-11868 - Out-of-bounds Write vulnerability in Softether See.Sys 4.25

047910
CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
softether
CWE-787

Summary

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.

Vulnerable Configurations

Part Description Count
Application
Softether
2

Common Weakness Enumeration (CWE)