CVE-2023-23581

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in SoftEther VPN's vpnserver component allows attackers to crash the VPN service by sending specially crafted network packets. This affects SoftEther VPN servers running vulnerable versions, potentially disrupting VPN connectivity for all users.

💻 Affected Systems

Products:
  • SoftEther VPN Server
Versions: 5.01.9674 and 5.02
Operating Systems: All platforms running SoftEther VPN Server
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects the VPN server component; clients are not vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete VPN service outage affecting all connected users and preventing new connections until the service is restarted.

🟠 Likely Case

Temporary VPN service disruption requiring a manual restart of the vpnserver process.

🟢 If Mitigated

Minimal impact if the VPN service is behind proper network segmentation and has automated restart capability.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to the VPN server port (default 443/TCP, 992/TCP, or 5555/TCP).

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.02.5180 or later

Vendor Advisory: https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-4vjq-6hxq-9g3q

Restart Required: Yes

Instructions:

1. Download the latest version from the SoftEther VPN website.
2. Stop the vpnserver service.
3. Install the updated version.
4. Restart the vpnserver service.

🔧 Temporary Workarounds

Network Access Restriction

Platform: linux

Restrict network access to the VPN server ports to trusted IP addresses only. Replace <TRUSTED_IP> with the address or CIDR range you want to allow; repeat the pair of rules for 992/TCP and 5555/TCP if those listeners are enabled.

# Allow the trusted source, then drop everyone else for the VPN listener port
iptables -A INPUT -p tcp --dport 443 -s <TRUSTED_IP> -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j DROP

Service Monitoring and Auto-restart

Platform: all

Configure monitoring to automatically restart vpnserver if it crashes.

# Ensure the service starts at boot
systemctl enable vpnserver
# Then configure your monitoring tool (or the service manager) to restart vpnserver on failure

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to VPN server ports
  • Deploy VPN server behind a WAF or IPS with DoS protection capabilities

🔍 How to Verify

Check if Vulnerable:

Check the SoftEther VPN Server version via the admin console or the configuration file; versions 5.01.9674 and 5.02 are affected.

Check Version:

vpncmd localhost /SERVER /CMD About

Verify Fix Applied:

Verify that the reported version is 5.02.5180 or later and test VPN connectivity.

📡 Detection & Monitoring

Log Indicators:

  • vpnserver process crashes
  • Unexpected service restarts
  • Connection spikes followed by service failure

Network Indicators:

  • Multiple malformed packets to VPN server ports
  • Sudden drop in VPN connections

SIEM Query:

source="vpnserver.log" AND ("crash" OR "segmentation fault" OR "abnormal termination")
