CVE-2009-1943

SafeNet SoftRemote <10.8.6 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-1943. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/vpn/safenet_ike_11.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in SafeNet SoftRemote IKE service (IreIKE.exe) via a crafted UDP packet to port 62514, allowing arbitrary code execution. It targets specific versions of SafeNet Irelke and includes payload handling for reverse shells.

Description

Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16831

This Metasploit module exploits a stack buffer overflow in SafeNet SoftRemote IKE service (IreIKE.exe) via a crafted UDP packet to port 62514, allowing arbitrary code execution. It targets specific versions of SafeNet Irelke and includes payload handling for reverse shells.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SafeNet SoftRemote IKE (IreIKE.exe) versions 10.8.0.20, 10.8.0.10, 10.8.3.6
No auth needed
Prerequisites: Network access to UDP port 62514 · Target running vulnerable SafeNet SoftRemote IKE version
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/vpn/safenet_ike_11.rb

This Metasploit module exploits a stack buffer overflow in SafeNet SoftRemote IKE service (IreIKE.exe) via a crafted UDP packet to port 62514, allowing arbitrary code execution. The exploit targets specific return addresses for different versions of the software.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: SafeNet SoftRemote IKE Service (IreIKE.exe) versions 10.8.0.20, 10.8.0.10, 10.8.3.6
No auth needed
Prerequisites: Network access to UDP port 62514 on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (8)

Core 8
Core References
Patch, Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1472
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1022316
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54831
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35280
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35154
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-09-024/
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50880
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503981/100/0/threaded

Scores

EPSS 0.7221
EPSS Percentile 99.4%

Details

CWE
CWE-119
Status published
Products (13)
safenet-inc/softremote 1.7.1
safenet-inc/softremote 1.7.2
safenet-inc/softremote 1.7.7
safenet-inc/softremote 1.8.1
safenet-inc/softremote 1.9.0
safenet-inc/softremote 8.0
safenet-inc/softremote 10.7.7
safenet-inc/softremote 10.8.0
safenet-inc/softremote 10.8.1
safenet-inc/softremote 10.8.2
... and 3 more
Published Jun 05, 2009
Tracked Since Feb 18, 2026