CVE-2019-11868

high

Description

See.sys, up to version 4.25, in SoftEther VPN Server versions 4.29 or older, allows a user to call an IOCTL specifying any kernel address to which arbitrary bytes are written to.

References

Advisories
More

https://github.com/SoftEtherVPN/SoftEtherVPN/tree/master/src/See

https://downwithup.github.io/CVEPosts

https://www.softether.org/9-about/News/900-SEVPN201901

Details

Source: Mitre, NVD

Published: 2019-07-29

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00128

Detections

Analytics