Cisco Talos has disclosed 17 vulnerabilities over the past two weeks, including nine that exist in a popular VPN software.  

Attackers could exploit these vulnerabilities in the SoftEther VPN solution for individual and enterprise users to force users to drop their connections or execute arbitrary code on the targeted machine.  

Talos’ Vulnerability Research team also found a cross-site scripting (XSS) vulnerability in the Peplink Surf series of home and wireless routers that could allow an attacker to manipulate HTML elements into executing arbitrary JavaScript. However, this vulnerability is not considered to be particularly serious, with a CVSS severity score of only 3.4 out of 10. 

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.  

SoftEther VPN client 

Discovered by Lilith >_>. 

The SoftEther VPN client contains multiple vulnerabilities that could lead to a variety of conditions, including allowing an adversary to cause a denial of service or execute arbitrary code on the targeted machine. SoftEther is an open-source, cross-platform, multi-protocol VPN managed as part of an academic project at the University of Tsukuba in Japan. 

Four of the vulnerabilities Talos disclosed last week exist when an adversary sends a specific set of packets to the targeted device, and can cause the software to crash entirely, leading to a denial of service: 

TALOS-2023-1736 (CVE-2023-2 ..

Support the originator by clicking the read the rest link below.