DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
References
Configurations
No configuration.
History
21 Nov 2024, 09:30
Type | Values Removed | Values Added |
---|---|---|
References | https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ | |
References | https://bst.cisco.com/quickview/bug/CSCwk05814 | |
References | https://datatracker.ietf.org/doc/html/rfc2131#section-7 | |
References | https://datatracker.ietf.org/doc/html/rfc3442#section-7 | |
References | https://fortiguard.fortinet.com/psirt/FG-IR-24-170 | |
References | https://issuetracker.google.com/issues/263721377 | |
References | https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ | |
References | https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic | |
References | https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision | |
References | https://my.f5.com/manage/s/article/K000139553 | |
References | https://news.ycombinator.com/item?id=40279632 | |
References | https://news.ycombinator.com/item?id=40284111 | |
References | https://security.paloaltonetworks.com/CVE-2024-3661 | |
References | https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 | |
References | https://tunnelvisionbug.com/ | |
References | https://www.agwa.name/blog/post/hardening_openvpn_for_def_con | |
References | https://www.leviathansecurity.com/research/tunnelvision | |
References | https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ | |
References | https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 | |
References | https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability | |
01 Jul 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 May 2024, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
08 May 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. |
07 May 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 May 2024, 18:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary |
|
07 May 2024, 06:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 May 2024, 01:15
Type | Values Removed | Values Added |
---|---|---|
CVSS | v2 : v3 : | v2 : unknown; v3 : 7.6 |
References |
|
|
06 May 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-05-06 19:15
Updated : 2024-11-21 09:30
NVD link : CVE-2024-3661
Mitre link : CVE-2024-3661
CVE.ORG link : CVE-2024-3661
Products Affected
No product.