Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for DHCP by IETF

    CVE-2024-3661 (GCVE-0-2024-3661)

    Vulnerability from nvd – Published: 2024-05-06 18:31 – Updated: 2024-08-28 19:09
    VLAI
    Title
    DHCP routing options can manipulate interface-based VPN traffic
    Summary
    DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-501 - Trust Boundary Violation
    Assigner
    Impacted products
    Vendor Product Version
    IETF DHCP Affected: 0
    Create a notification for this product.
    Date Public
    2002-12-31 01:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:00.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tunnelvisionbug.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.leviathansecurity.com/research/tunnelvision"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=40279632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://issuetracker.google.com/issues/263721377"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=40284111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000139553"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T04:00:07.962328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T19:09:06.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "DHCP",
              "vendor": "IETF",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2002-12-31T01:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
                }
              ],
              "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-501",
                  "description": "CWE-501 Trust Boundary Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-01T15:04:50.790Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
            },
            {
              "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
            },
            {
              "url": "https://tunnelvisionbug.com/"
            },
            {
              "url": "https://www.leviathansecurity.com/research/tunnelvision"
            },
            {
              "url": "https://news.ycombinator.com/item?id=40279632"
            },
            {
              "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
            },
            {
              "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
            },
            {
              "url": "https://issuetracker.google.com/issues/263721377"
            },
            {
              "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
            },
            {
              "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
            },
            {
              "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
            },
            {
              "url": "https://news.ycombinator.com/item?id=40284111"
            },
            {
              "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
            },
            {
              "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
            },
            {
              "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
            },
            {
              "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
            },
            {
              "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
            },
            {
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000139553"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DHCP routing options can manipulate interface-based VPN traffic",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-3661",
        "datePublished": "2024-05-06T18:31:21.217Z",
        "dateReserved": "2024-04-11T17:24:22.637Z",
        "dateUpdated": "2024-08-28T19:09:06.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-3661 (GCVE-0-2024-3661)

    Vulnerability from cvelistv5 – Published: 2024-05-06 18:31 – Updated: 2024-08-28 19:09
    VLAI
    Title
    DHCP routing options can manipulate interface-based VPN traffic
    Summary
    DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-306 - Missing Authentication for Critical Function
    • CWE-501 - Trust Boundary Violation
    Assigner
    Impacted products
    Vendor Product Version
    IETF DHCP Affected: 0
    Create a notification for this product.
    Date Public
    2002-12-31 01:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T20:20:00.420Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://tunnelvisionbug.com/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.leviathansecurity.com/research/tunnelvision"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=40279632"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://issuetracker.google.com/issues/263721377"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://news.ycombinator.com/item?id=40284111"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://my.f5.com/manage/s/article/K000139553"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-3661",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-05-08T04:00:07.962328Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-28T19:09:06.995Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "DHCP",
              "vendor": "IETF",
              "versions": [
                {
                  "status": "affected",
                  "version": "0"
                }
              ]
            }
          ],
          "datePublic": "2002-12-31T01:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
                }
              ],
              "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "ADJACENT_NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 7.6,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-306",
                  "description": "CWE-306 Missing Authentication for Critical Function",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-501",
                  "description": "CWE-501 Trust Boundary Violation",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-01T15:04:50.790Z",
            "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
            "shortName": "cisa-cg"
          },
          "references": [
            {
              "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
            },
            {
              "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
            },
            {
              "url": "https://tunnelvisionbug.com/"
            },
            {
              "url": "https://www.leviathansecurity.com/research/tunnelvision"
            },
            {
              "url": "https://news.ycombinator.com/item?id=40279632"
            },
            {
              "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
            },
            {
              "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
            },
            {
              "url": "https://issuetracker.google.com/issues/263721377"
            },
            {
              "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
            },
            {
              "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
            },
            {
              "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
            },
            {
              "url": "https://news.ycombinator.com/item?id=40284111"
            },
            {
              "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
            },
            {
              "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
            },
            {
              "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
            },
            {
              "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
            },
            {
              "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
            },
            {
              "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
            },
            {
              "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
            },
            {
              "url": "https://my.f5.com/manage/s/article/K000139553"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DHCP routing options can manipulate interface-based VPN traffic",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "assignerShortName": "cisa-cg",
        "cveId": "CVE-2024-3661",
        "datePublished": "2024-05-06T18:31:21.217Z",
        "dateReserved": "2024-04-11T17:24:22.637Z",
        "dateUpdated": "2024-08-28T19:09:06.995Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }