VAR-202405-0458
Vulnerability from variot - Updated: 2025-01-15 23:06DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202405-0458",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "7.2.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.0"
},
{
"model": "client connector",
"scope": "lt",
"trust": 1.0,
"vendor": "zscaler",
"version": "4.2.0.282"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.2"
},
{
"model": "client connector",
"scope": "lt",
"trust": 1.0,
"vendor": "zscaler",
"version": "3.7.0.134"
},
{
"model": "ipsec mobile vpn client",
"scope": "eq",
"trust": 1.0,
"vendor": "watchguard",
"version": "*"
},
{
"model": "forticlient",
"scope": "eq",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.4.0"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "17.1.0"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "15.1.10"
},
{
"model": "globalprotect",
"scope": "eq",
"trust": 1.0,
"vendor": "paloaltonetworks",
"version": "*"
},
{
"model": "big-ip access policy manager",
"scope": "lte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.5"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "7.2.3"
},
{
"model": "client connector",
"scope": "gte",
"trust": 1.0,
"vendor": "zscaler",
"version": "3.7"
},
{
"model": "client connector",
"scope": "lt",
"trust": 1.0,
"vendor": "zscaler",
"version": "1.5.1.25"
},
{
"model": "secure client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "forticlient",
"scope": "lt",
"trust": 1.0,
"vendor": "fortinet",
"version": "7.2.5"
},
{
"model": "mobile vpn with ssl",
"scope": "eq",
"trust": 1.0,
"vendor": "watchguard",
"version": "*"
},
{
"model": "anyconnect vpn client",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "secure access client",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "24.06.1"
},
{
"model": "big-ip access policy manager",
"scope": "gte",
"trust": 1.0,
"vendor": "f5",
"version": "16.1.0"
},
{
"model": "client connector",
"scope": "eq",
"trust": 1.0,
"vendor": "zscaler",
"version": null
},
{
"model": "forticlient",
"scope": "gte",
"trust": 1.0,
"vendor": "fortinet",
"version": "6.4.0"
},
{
"model": "secure access client",
"scope": "lt",
"trust": 1.0,
"vendor": "citrix",
"version": "24.8.5"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"cve": "CVE-2024-3661",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.8,
"id": "CVE-2024-3661",
"impactScore": 4.7,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
}
],
"severity": [
{
"author": "9119a7d8-5eab-497f-8521-727c672e3725",
"id": "CVE-2024-3661",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "nvd@nist.gov",
"id": "CVE-2024-3661",
"trust": 1.0,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
},
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.",
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
],
"trust": 1.0
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3661",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"id": "VAR-202405-0458",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 0.7222222
},
"last_update_date": "2025-01-15T23:06:15.378000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-501",
"trust": 1.0
},
{
"problemtype": "CWE-306",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.0,
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"trust": 1.0,
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"trust": 1.0,
"url": "https://fortiguard.fortinet.com/psirt/fg-ir-24-170"
},
{
"trust": 1.0,
"url": "https://bst.cisco.com/quickview/bug/cscwk05814"
},
{
"trust": 1.0,
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"trust": 1.0,
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"trust": 1.0,
"url": "https://tunnelvisionbug.com/"
},
{
"trust": 1.0,
"url": "https://security.paloaltonetworks.com/cve-2024-3661"
},
{
"trust": 1.0,
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"trust": 1.0,
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"trust": 1.0,
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"trust": 1.0,
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"trust": 1.0,
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"trust": 1.0,
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"trust": 1.0,
"url": "https://support.citrix.com/article/ctx677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"trust": 1.0,
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"trust": 1.0,
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
},
{
"trust": 1.0,
"url": "https://my.f5.com/manage/s/article/k000139553"
},
{
"trust": 1.0,
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-05-06T19:15:11.027000",
"db": "NVD",
"id": "CVE-2024-3661"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2025-01-15T16:50:28.667000",
"db": "NVD",
"id": "CVE-2024-3661"
}
]
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…