Vulnerability-Lookup

CVE-2024-3661 (GCVE-0-2024-3661)

Vulnerability from cvelistv5 – Published: 2024-05-06 18:31 – Updated: 2024-08-28 19:09

Title

DHCP routing options can manipulate interface-based VPN traffic

Summary

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

Severity ?

7.6 (High)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

CWE

CWE-306 - Missing Authentication for Critical Function
CWE-501 - Trust Boundary Violation

Assigner

cisa-cg

References

URL

Tags

	https://datatracker.ietf.org/doc/html/rfc2131#section-7
	https://datatracker.ietf.org/doc/html/rfc3442#section-7
	https://tunnelvisionbug.com/
	https://www.leviathansecurity.com/research/tunnelvision
	https://news.ycombinator.com/item?id=40279632
	https://arstechnica.com/security/2024/05/novel-at…
	https://krebsonsecurity.com/2024/05/why-your-vpn-…
	https://issuetracker.google.com/issues/263721377
	https://mullvad.net/en/blog/evaluating-the-impact…
	https://www.zscaler.com/blogs/security-research/c…
	https://lowendtalk.com/discussion/188857/a-rogue-…
	https://news.ycombinator.com/item?id=40284111
	https://www.agwa.name/blog/post/hardening_openvpn…
	https://www.theregister.com/2024/05/07/vpn_tunnel…
	https://support.citrix.com/article/CTX677069/clou…
	https://www.watchguard.com/wgrd-psirt/advisory/wg…
	https://bst.cisco.com/quickview/bug/CSCwk05814
	https://security.paloaltonetworks.com/CVE-2024-3661
	https://fortiguard.fortinet.com/psirt/FG-IR-24-170
	https://my.f5.com/manage/s/article/K000139553

Impacted products

	Vendor	Product	Version
	IETF	DHCP	Affected: 0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-01T20:20:00.420Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tunnelvisionbug.com/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.leviathansecurity.com/research/tunnelvision"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40279632"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://issuetracker.google.com/issues/263721377"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://news.ycombinator.com/item?id=40284111"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://my.f5.com/manage/s/article/K000139553"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-3661",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-08T04:00:07.962328Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-28T19:09:06.995Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "DHCP",
          "vendor": "IETF",
          "versions": [
            {
              "status": "affected",
              "version": "0"
            }
          ]
        }
      ],
      "datePublic": "2002-12-31T01:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
            }
          ],
          "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "ADJACENT_NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.6,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-306",
              "description": "CWE-306 Missing Authentication for Critical Function",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-501",
              "description": "CWE-501 Trust Boundary Violation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-01T15:04:50.790Z",
        "orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
        "shortName": "cisa-cg"
      },
      "references": [
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
        },
        {
          "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
        },
        {
          "url": "https://tunnelvisionbug.com/"
        },
        {
          "url": "https://www.leviathansecurity.com/research/tunnelvision"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40279632"
        },
        {
          "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
        },
        {
          "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
        },
        {
          "url": "https://issuetracker.google.com/issues/263721377"
        },
        {
          "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
        },
        {
          "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
        },
        {
          "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
        },
        {
          "url": "https://news.ycombinator.com/item?id=40284111"
        },
        {
          "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
        },
        {
          "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
        },
        {
          "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
        },
        {
          "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
        },
        {
          "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
        },
        {
          "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
        },
        {
          "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
        },
        {
          "url": "https://my.f5.com/manage/s/article/K000139553"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DHCP routing options can manipulate interface-based VPN traffic",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
    "assignerShortName": "cisa-cg",
    "cveId": "CVE-2024-3661",
    "datePublished": "2024-05-06T18:31:21.217Z",
    "dateReserved": "2024-04-11T17:24:22.637Z",
    "dateUpdated": "2024-08-28T19:09:06.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://datatracker.ietf.org/doc/html/rfc2131#section-7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://datatracker.ietf.org/doc/html/rfc3442#section-7\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://tunnelvisionbug.com/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.leviathansecurity.com/research/tunnelvision\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=40279632\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://issuetracker.google.com/issues/263721377\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://news.ycombinator.com/item?id=40284111\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.agwa.name/blog/post/hardening_openvpn_for_def_con\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://bst.cisco.com/quickview/bug/CSCwk05814\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2024-3661\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-170\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://my.f5.com/manage/s/article/K000139553\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-01T20:20:00.420Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-3661\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-05-08T04:00:07.962328Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-28T19:09:03.429Z\"}}], \"cna\": {\"title\": \"DHCP routing options can manipulate interface-based VPN traffic\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.6, \"attackVector\": \"ADJACENT_NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"IETF\", \"product\": \"DHCP\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\"}], \"defaultStatus\": \"affected\"}], \"datePublic\": \"2002-12-31T01:00:00.000Z\", \"references\": [{\"url\": \"https://datatracker.ietf.org/doc/html/rfc2131#section-7\"}, {\"url\": \"https://datatracker.ietf.org/doc/html/rfc3442#section-7\"}, {\"url\": \"https://tunnelvisionbug.com/\"}, {\"url\": \"https://www.leviathansecurity.com/research/tunnelvision\"}, {\"url\": \"https://news.ycombinator.com/item?id=40279632\"}, {\"url\": \"https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/\"}, {\"url\": \"https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/\"}, {\"url\": \"https://issuetracker.google.com/issues/263721377\"}, {\"url\": \"https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision\"}, {\"url\": \"https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability\"}, {\"url\": \"https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic\"}, {\"url\": \"https://news.ycombinator.com/item?id=40284111\"}, {\"url\": \"https://www.agwa.name/blog/post/hardening_openvpn_for_def_con\"}, {\"url\": \"https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/\"}, {\"url\": \"https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661\"}, {\"url\": \"https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009\"}, {\"url\": \"https://bst.cisco.com/quickview/bug/CSCwk05814\"}, {\"url\": \"https://security.paloaltonetworks.com/CVE-2024-3661\"}, {\"url\": \"https://fortiguard.fortinet.com/psirt/FG-IR-24-170\"}, {\"url\": \"https://my.f5.com/manage/s/article/K000139553\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"DHCP can add routes to a client\\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"DHCP can add routes to a client\\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-306\", \"description\": \"CWE-306 Missing Authentication for Critical Function\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-501\", \"description\": \"CWE-501 Trust Boundary Violation\"}]}], \"providerMetadata\": {\"orgId\": \"9119a7d8-5eab-497f-8521-727c672e3725\", \"shortName\": \"cisa-cg\", \"dateUpdated\": \"2024-07-01T15:04:50.790Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-3661\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-28T19:09:06.995Z\", \"dateReserved\": \"2024-04-11T17:24:22.637Z\", \"assignerOrgId\": \"9119a7d8-5eab-497f-8521-727c672e3725\", \"datePublished\": \"2024-05-06T18:31:21.217Z\", \"assignerShortName\": \"cisa-cg\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2025-AVI-0255

Vulnerability from certfr_avis - Published: 2025-03-28 - Updated: 2025-03-28

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	QRadar SIEM	QRadar SIEM versions 7.5.x antérieures à 7.5.0 UP11 IF02
IBM	WebSphere	WebSphere Application Server Liberty versions 17.0.0.3 à 25.0.x antérieures à 25.0.0.3 sans le correctif PH65394 ou antérieures à 25.0.0.4 (disponible au deuxième trimestre 2025)
IBM	Sterling	Sterling Connect:Direct pour HP NonStop versions 3.6.x antérieures à 3.6.0.6 iFix000
IBM	Sterling Control Center	Sterling Control Center versions 6.2.1.x antérieures à 6.2.1.0 iFix15
IBM	Sterling Control Center	Sterling Control Center versions 6.3.1.x antérieures à 6.3.1.0 iFix04

References

Title

Publication Time

Tags

Bulletin de sécurité IBM 7228857	2025-03-24	vendor-advisory
Bulletin de sécurité IBM 7184085	2025-03-26	vendor-advisory
Bulletin de sécurité IBM 7229079	2025-03-26	vendor-advisory
Bulletin de sécurité IBM 7229377	2025-03-28	vendor-advisory
Bulletin de sécurité IBM 7228856	2025-03-24	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "QRadar SIEM versions 7.5.x ant\u00e9rieures \u00e0 7.5.0 UP11 IF02",
      "product": {
        "name": "QRadar SIEM",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "WebSphere Application Server Liberty versions 17.0.0.3 \u00e0 25.0.x ant\u00e9rieures \u00e0 25.0.0.3 sans le correctif PH65394 ou ant\u00e9rieures \u00e0 25.0.0.4 (disponible au deuxi\u00e8me trimestre 2025)",
      "product": {
        "name": "WebSphere",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Connect:Direct pour HP NonStop versions 3.6.x ant\u00e9rieures \u00e0 3.6.0.6 iFix000",
      "product": {
        "name": "Sterling",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.2.1.x ant\u00e9rieures \u00e0 6.2.1.0 iFix15",
      "product": {
        "name": "Sterling Control Center",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    },
    {
      "description": "Sterling Control Center versions 6.3.1.x ant\u00e9rieures \u00e0 6.3.1.0 iFix04",
      "product": {
        "name": "Sterling Control Center",
        "vendor": {
          "name": "IBM",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-50142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50142"
    },
    {
      "name": "CVE-2023-33201",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-33201"
    },
    {
      "name": "CVE-2022-45688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45688"
    },
    {
      "name": "CVE-2024-50275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50275"
    },
    {
      "name": "CVE-2022-4304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-4304"
    },
    {
      "name": "CVE-2023-0215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0215"
    },
    {
      "name": "CVE-2023-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-0286"
    },
    {
      "name": "CVE-2023-26049",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26049"
    },
    {
      "name": "CVE-2024-50192",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50192"
    },
    {
      "name": "CVE-2023-5072",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-5072"
    },
    {
      "name": "CVE-2024-50082",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50082"
    },
    {
      "name": "CVE-2024-53122",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53122"
    },
    {
      "name": "CVE-2024-26935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26935"
    },
    {
      "name": "CVE-2024-50264",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50264"
    },
    {
      "name": "CVE-2023-36478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36478"
    },
    {
      "name": "CVE-2024-53088",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-53088"
    },
    {
      "name": "CVE-2023-28439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-28439"
    },
    {
      "name": "CVE-2024-46695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-46695"
    },
    {
      "name": "CVE-2024-49949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-49949"
    },
    {
      "name": "CVE-2024-50099",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50099"
    },
    {
      "name": "CVE-2023-40167",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-40167"
    },
    {
      "name": "CVE-2023-41900",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-41900"
    },
    {
      "name": "CVE-2025-23184",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-23184"
    },
    {
      "name": "CVE-2023-36479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-36479"
    },
    {
      "name": "CVE-2024-50256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50256"
    },
    {
      "name": "CVE-2023-26048",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-26048"
    },
    {
      "name": "CVE-2024-50110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-50110"
    },
    {
      "name": "CVE-2024-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
    }
  ],
  "initial_release_date": "2025-03-28T00:00:00",
  "last_revision_date": "2025-03-28T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0255",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-03-28T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits IBM. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits IBM",
  "vendor_advisories": [
    {
      "published_at": "2025-03-24",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7228857",
      "url": "https://www.ibm.com/support/pages/node/7228857"
    },
    {
      "published_at": "2025-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7184085",
      "url": "https://www.ibm.com/support/pages/node/7184085"
    },
    {
      "published_at": "2025-03-26",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7229079",
      "url": "https://www.ibm.com/support/pages/node/7229079"
    },
    {
      "published_at": "2025-03-28",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7229377",
      "url": "https://www.ibm.com/support/pages/node/7229377"
    },
    {
      "published_at": "2025-03-24",
      "title": "Bulletin de s\u00e9curit\u00e9 IBM 7228856",
      "url": "https://www.ibm.com/support/pages/node/7228856"
    }
  ]
}

CERTFR-2025-AVI-0263

Vulnerability from certfr_avis - Published: 2025-04-02 - Updated: 2025-04-02

De multiples vulnérabilités ont été découvertes dans HPE Aruba Networking Virtual Intranet Access. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

	Vendor	Product	Description
	HPE Aruba Networking	Virtual Intranet Access	Virtual Intranet Access versions antérieures à 4.7.2

References

Title

Publication Time

Tags

Bulletin de sécurité HPE Aruba Networking HPESBNW04841

2025-04-01

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Virtual Intranet Access versions ant\u00e9rieures \u00e0 4.7.2",
      "product": {
        "name": "Virtual Intranet Access",
        "vendor": {
          "name": "HPE Aruba Networking",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2025-25041",
      "url": "https://www.cve.org/CVERecord?id=CVE-2025-25041"
    },
    {
      "name": "CVE-2024-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
    }
  ],
  "initial_release_date": "2025-04-02T00:00:00",
  "last_revision_date": "2025-04-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2025-AVI-0263",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2025-04-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans HPE Aruba Networking Virtual Intranet Access. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans HPE Aruba Networking Virtual Intranet Access",
  "vendor_advisories": [
    {
      "published_at": "2025-04-01",
      "title": "Bulletin de s\u00e9curit\u00e9 HPE Aruba Networking HPESBNW04841",
      "url": "https://csaf.arubanetworks.com/2025/hpe_aruba_networking_-_hpesbnw04841.txt"
    }
  ]
}

CERTFR-2024-AVI-0484

Vulnerability from certfr_avis - Published: 2024-06-12 - Updated: 2024-06-12

De multiples vulnérabilités ont été découvertes dans les produits Fortinet. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et un contournement de la politique de sécurité.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Fortinet	FortiOS	FortiOS 6.4 toutes versions
Fortinet	FortiOS	FortiOS 6.4 versions antérieures à 6.4.15
Fortinet	FortiPortal	FortiPortal versions 7.2.x antérieures à 7.2.1
Fortinet	FortiPAM	FortiPAM 1.0 toutes versions
Fortinet	FortiPortal	FortiPortal versions 7.x antérieures à 7.0.7
Fortinet	FortiOS	FortiOS 6.2 toutes versions
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.2.x antérieures à 7.2.4
Fortinet	FortiSwitchManager	FortiSwitchManager versions 7.0.x antérieures à 7.0.4
Fortinet	FortiOS	FortiOS 6.2 versions antérieures à 6.2.16
Fortinet	FortiPAM	FortiPAM 1.2 toutes versions
Fortinet	N/A	FortiClientWindows (IPsec VPN) sans le correctif de sécurité à venir
Fortinet	FortiOS	FortiOS versions 7.x antérieures à 7.4.4
Fortinet	FortiOS	FortiOS 6.0 toutes versions
Fortinet	N/A	FortiClientLinux toutes versions sans le correctif de sécurité à venir
Fortinet	FortiSOAR	FortiSOAR versions 7.x antérieures à 7.2.1
Fortinet	N/A	FortiClientWindows (SSL-VPN) toutes versions sans l'utilisation d'un tunnel complet avec 'exclusive-routing' activé
Fortinet	N/A	FortiClientMac toutes versions sans le correctif de sécurité à venir
Fortinet	FortiProxy	FortiProxy versions antérieures à 7.4.4
Fortinet	FortiPAM	FortiPAM 1.1 toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Fortinet FG-IR-23-495	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-170	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-036	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-471	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-24-128	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-460	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-423	2024-06-11	vendor-advisory
Bulletin de sécurité Fortinet FG-IR-23-356	2024-06-11	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "FortiOS 6.4 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.4 versions ant\u00e9rieures \u00e0 6.4.15",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.2.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.0 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPortal versions 7.x ant\u00e9rieures \u00e0 7.0.7",
      "product": {
        "name": "FortiPortal",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.2 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.2.x ant\u00e9rieures \u00e0 7.2.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSwitchManager versions 7.0.x ant\u00e9rieures \u00e0 7.0.4",
      "product": {
        "name": "FortiSwitchManager",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.2 versions ant\u00e9rieures \u00e0 6.2.16",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.2 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows (IPsec VPN) sans le correctif de s\u00e9curit\u00e9 \u00e0 venir",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS versions 7.x ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiOS 6.0 toutes versions",
      "product": {
        "name": "FortiOS",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientLinux toutes versions sans le correctif de s\u00e9curit\u00e9 \u00e0 venir",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiSOAR versions 7.x ant\u00e9rieures \u00e0 7.2.1",
      "product": {
        "name": "FortiSOAR",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientWindows (SSL-VPN) toutes versions sans l\u0027utilisation d\u0027un tunnel complet avec \u0027exclusive-routing\u0027 activ\u00e9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiClientMac toutes versions sans le correctif de s\u00e9curit\u00e9 \u00e0 venir",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiProxy versions ant\u00e9rieures \u00e0 7.4.4",
      "product": {
        "name": "FortiProxy",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    },
    {
      "description": "FortiPAM 1.1 toutes versions",
      "product": {
        "name": "FortiPAM",
        "vendor": {
          "name": "Fortinet",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-23111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23111"
    },
    {
      "name": "CVE-2024-23110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-23110"
    },
    {
      "name": "CVE-2024-31495",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-31495"
    },
    {
      "name": "CVE-2024-26010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-26010"
    },
    {
      "name": "CVE-2023-46720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-46720"
    },
    {
      "name": "CVE-2024-21754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-21754"
    },
    {
      "name": "CVE-2023-23775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2023-23775"
    },
    {
      "name": "CVE-2024-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
    }
  ],
  "initial_release_date": "2024-06-12T00:00:00",
  "last_revision_date": "2024-06-12T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0484",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Fortinet. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Fortinet",
  "vendor_advisories": [
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-495",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-495"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-170",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-170"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-036",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-036"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-471",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-471"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-24-128",
      "url": "https://www.fortiguard.com/psirt/FG-IR-24-128"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-460",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-460"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-423",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-423"
    },
    {
      "published_at": "2024-06-11",
      "title": "Bulletin de s\u00e9curit\u00e9 Fortinet FG-IR-23-356",
      "url": "https://www.fortiguard.com/psirt/FG-IR-23-356"
    }
  ]
}

CERTFR-2024-AVI-0517

Vulnerability from certfr_avis - Published: 2024-06-25 - Updated: 2024-06-25

Une vulnérabilité a été découverte dans Citrix Secure Access client. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des mesures de contournement.

Impacted products

	Vendor	Product	Description
	Citrix	Citrix Secure Access client	Citrix Secure Access client pour Mac et iOS versions antérieures à 24.06.1
	Citrix	Citrix Secure Access client	Citrix Secure Access client pour Linux toutes versions

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX677069

2024-06-24

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix Secure Access client pour Mac et iOS versions ant\u00e9rieures \u00e0 24.06.1",
      "product": {
        "name": "Citrix Secure Access client",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Secure Access client pour Linux toutes versions",
      "product": {
        "name": "Citrix Secure Access client",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": "Se r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des mesures de contournement.",
  "content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
  "cves": [
    {
      "name": "CVE-2024-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
    }
  ],
  "initial_release_date": "2024-06-25T00:00:00",
  "last_revision_date": "2024-06-25T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0517",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-06-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans Citrix Secure Access client. Elle permet \u00e0 un attaquant de provoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.",
  "title": "Vuln\u00e9rabilit\u00e9 dans Citrix Secure Access client",
  "vendor_advisories": [
    {
      "published_at": "2024-06-24",
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX677069",
      "url": "https://support.citrix.com/article/CTX677069"
    }
  ]
}

CERTFR-2024-AVI-0414

Vulnerability from certfr_avis - Published: 2024-05-17 - Updated: 2024-05-17

Une vulnérabilité a été découverte dans les produits Palo Alto Networks. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données, une atteinte à l'intégrité des données et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Palo Alto Networks	GlobalProtect App	GlobalProtect app toutes versions pour Linux
Palo Alto Networks	GlobalProtect App	GlobalProtect app toutes versions sans l'option Endpoint Traffic Policy Enforcement positionnée à All Traffic pour Windows et macOS
Palo Alto Networks	GlobalProtect App	GlobalProtect app toutes versions sans l'option IncludeAllNetworks positionnée à 1 pour iOS

References

Title

Publication Time

Tags

Bulletin de sécurité Palo Alto Networks CVE-2024-3661 du 16 mai 2024

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "GlobalProtect app toutes versions pour Linux",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect app toutes versions sans l\u0027option Endpoint Traffic Policy Enforcement positionn\u00e9e \u00e0 All Traffic pour Windows et macOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    },
    {
      "description": "GlobalProtect app toutes versions sans l\u0027option IncludeAllNetworks positionn\u00e9e \u00e0 1 pour iOS",
      "product": {
        "name": "GlobalProtect App",
        "vendor": {
          "name": "Palo Alto Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2024-3661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2024-3661"
    }
  ],
  "initial_release_date": "2024-05-17T00:00:00",
  "last_revision_date": "2024-05-17T00:00:00",
  "links": [],
  "reference": "CERTFR-2024-AVI-0414",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2024-05-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans \u003cspan class=\"textit\"\u003eles\nproduits Palo Alto Networks\u003c/span\u003e. Elle permet \u00e0 un attaquant de\nprovoquer une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es, une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans les produits Palo Alto Networks",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Palo Alto Networks CVE-2024-3661 du 16 mai 2024",
      "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
    }
  ]
}

FKIE_CVE-2024-3661

Vulnerability from fkie_nvd - Published: 2024-05-06 19:15 - Updated: 2025-01-15 16:50

Severity ?

7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
7.6 (High) - CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Summary

References

URL	Tags
9119a7d8-5eab-497f-8521-727c672e3725	https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/	Exploit, Press/Media Coverage
9119a7d8-5eab-497f-8521-727c672e3725	https://bst.cisco.com/quickview/bug/CSCwk05814	Third Party Advisory, Vendor Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://datatracker.ietf.org/doc/html/rfc2131#section-7	Related
9119a7d8-5eab-497f-8521-727c672e3725	https://datatracker.ietf.org/doc/html/rfc3442#section-7	Related
9119a7d8-5eab-497f-8521-727c672e3725	https://fortiguard.fortinet.com/psirt/FG-IR-24-170	Vendor Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://issuetracker.google.com/issues/263721377	Issue Tracking
9119a7d8-5eab-497f-8521-727c672e3725	https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/	Exploit, Press/Media Coverage
9119a7d8-5eab-497f-8521-727c672e3725	https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic	Issue Tracking
9119a7d8-5eab-497f-8521-727c672e3725	https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision	Third Party Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://my.f5.com/manage/s/article/K000139553	Vendor Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://news.ycombinator.com/item?id=40279632	Issue Tracking
9119a7d8-5eab-497f-8521-727c672e3725	https://news.ycombinator.com/item?id=40284111	Issue Tracking
9119a7d8-5eab-497f-8521-727c672e3725	https://security.paloaltonetworks.com/CVE-2024-3661	Vendor Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661	Vendor Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://tunnelvisionbug.com/	Exploit, Third Party Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://www.agwa.name/blog/post/hardening_openvpn_for_def_con	Related
9119a7d8-5eab-497f-8521-727c672e3725	https://www.leviathansecurity.com/research/tunnelvision	Third Party Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/	Exploit, Press/Media Coverage
9119a7d8-5eab-497f-8521-727c672e3725	https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009	Mitigation, Third Party Advisory, Vendor Advisory
9119a7d8-5eab-497f-8521-727c672e3725	https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability	Exploit, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/	Exploit, Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	https://bst.cisco.com/quickview/bug/CSCwk05814	Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://datatracker.ietf.org/doc/html/rfc2131#section-7	Related
af854a3a-2127-422b-91ae-364da2661108	https://datatracker.ietf.org/doc/html/rfc3442#section-7	Related
af854a3a-2127-422b-91ae-364da2661108	https://fortiguard.fortinet.com/psirt/FG-IR-24-170	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://issuetracker.google.com/issues/263721377	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/	Exploit, Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://my.f5.com/manage/s/article/K000139553	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://news.ycombinator.com/item?id=40279632	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://news.ycombinator.com/item?id=40284111	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://security.paloaltonetworks.com/CVE-2024-3661	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://tunnelvisionbug.com/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.agwa.name/blog/post/hardening_openvpn_for_def_con	Related
af854a3a-2127-422b-91ae-364da2661108	https://www.leviathansecurity.com/research/tunnelvision	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/	Exploit, Press/Media Coverage
af854a3a-2127-422b-91ae-364da2661108	https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009	Mitigation, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability	Exploit, Third Party Advisory, Vendor Advisory

Impacted products

Vendor	Product	Version
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	*
fortinet	forticlient	7.4.0
fortinet	forticlient	7.4.0
fortinet	forticlient	7.4.0
cisco	anyconnect_vpn_client	-
cisco	secure_client	-
paloaltonetworks	globalprotect	*
paloaltonetworks	globalprotect	*
paloaltonetworks	globalprotect	*
paloaltonetworks	globalprotect	*
citrix	secure_access_client	*
apple	iphone_os	-
apple	macos	-
citrix	secure_access_client	*
linux	linux_kernel	-
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
f5	big-ip_access_policy_manager	*
watchguard	ipsec_mobile_vpn_client	*
watchguard	ipsec_mobile_vpn_client	*
watchguard	mobile_vpn_with_ssl	*
watchguard	mobile_vpn_with_ssl	*
zscaler	client_connector	*
zscaler	client_connector	*
zscaler	client_connector	*
zscaler	client_connector	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F0918F54-0052-42BD-A73E-CFF198B9EC48",
              "versionEndExcluding": "7.2.5",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "81B7F626-84B5-47A5-959F-735D6250C147",
              "versionEndExcluding": "7.2.5",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "5E714EAF-73AB-41EA-AC57-E59B78FD7853",
              "versionEndExcluding": "7.2.5",
              "versionStartIncluding": "6.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:linux:*:*",
              "matchCriteriaId": "7B728862-1FAB-47B4-823D-2C19CBF76DAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:macos:*:*",
              "matchCriteriaId": "0A079CA4-D957-402A-B899-31F26A89DF00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6B512696-8596-4458-ADC9-24DD3C6C377B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:anyconnect_vpn_client:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "59289E79-5A0A-4675-B7D4-C759401736A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:cisco:secure_client:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE81F5D2-269B-4098-AA9F-2DBCA3CB8813",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:*",
              "matchCriteriaId": "8EEBB31D-BC9C-4EAD-86B1-8B95AB118A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "4814D5DB-A96C-4D91-9DAE-87FF0DA101D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "72F88FEB-766B-4FCD-B78E-0E8E5E2B5CCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "D5537140-CDA3-4410-B101-24D1AB3624EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB344FC1-AD7C-4988-A703-8B2CD0AEF57C",
              "versionEndExcluding": "24.06.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "697D4070-101A-45B1-99B1-F33ECF03945C",
              "versionEndExcluding": "24.8.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB16CE4D-183C-44B9-A5FF-6F9FA3C0A618",
              "versionEndIncluding": "7.2.5",
              "versionStartIncluding": "7.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC",
              "versionEndIncluding": "15.1.10",
              "versionStartIncluding": "15.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FEC1DE-D11F-4DC8-8B21-51BAF1731A5F",
              "versionEndIncluding": "16.1.5",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DE3A941-B898-4EAB-9073-C6A312E59FC5",
              "versionEndIncluding": "17.1.2",
              "versionStartIncluding": "17.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "FFB4A7FD-AC96-490D-9CBB-72166D46C4FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "2EAD2DBA-3038-4EF8-8BAE-80BD3DA97B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "AB8A39F6-8AD5-4B9D-92E4-7E28EE78C5B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "0AF97158-6BB8-47CA-8214-98D2F801C8BA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "1F206869-8FCE-40AE-ADDC-62F221E00004",
              "versionEndExcluding": "1.5.1.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*",
              "matchCriteriaId": "7D37D825-E2B8-4924-AA8A-ACB0E08A3C61",
              "versionEndExcluding": "4.2.0.282",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "4EC77FDF-1E1A-4638-9C9F-DA4205FDD69B",
              "versionEndExcluding": "3.7.0.134",
              "versionStartIncluding": "3.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "C057E1BC-C7BA-4EAF-8200-560035118FA0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
    },
    {
      "lang": "es",
      "value": "Por dise\u00f1o, el protocolo DHCP no autentica mensajes, incluida, por ejemplo, la opci\u00f3n de ruta est\u00e1tica sin clases (121). Un atacante con la capacidad de enviar mensajes DHCP puede manipular rutas para redirigir el tr\u00e1fico VPN, lo que le permite leer, interrumpir o posiblemente modificar el tr\u00e1fico de red que se esperaba que estuviera protegido por la VPN. Muchos, si no la mayor\u00eda, de los sistemas VPN basados en enrutamiento IP son susceptibles a este tipo de ataques."
    }
  ],
  "id": "CVE-2024-3661",
  "lastModified": "2025-01-15T16:50:28.667",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "9119a7d8-5eab-497f-8521-727c672e3725",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-05-06T19:15:11.027",
  "references": [
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Related"
      ],
      "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Related"
      ],
      "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://issuetracker.google.com/issues/263721377"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://my.f5.com/manage/s/article/K000139553"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://news.ycombinator.com/item?id=40279632"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://news.ycombinator.com/item?id=40284111"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://tunnelvisionbug.com/"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Related"
      ],
      "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.leviathansecurity.com/research/tunnelvision"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
    },
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Related"
      ],
      "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Related"
      ],
      "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://issuetracker.google.com/issues/263721377"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://my.f5.com/manage/s/article/K000139553"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://news.ycombinator.com/item?id=40279632"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://news.ycombinator.com/item?id=40284111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://tunnelvisionbug.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Related"
      ],
      "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.leviathansecurity.com/research/tunnelvision"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Press/Media Coverage"
      ],
      "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
    }
  ],
  "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        },
        {
          "lang": "en",
          "value": "CWE-501"
        }
      ],
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2024-3661

Vulnerability from osv_almalinux

Published

2025-01-13 00:00

Modified

2025-01-13 21:27

Summary

Moderate: Bug fix of NetworkManager

Details

Security and Bug Fix(es):

NetworkManager: DHCP routing options can manipulate interface-based VPN traffic (CVE-2024-3661)
Route to VPN server not stored in routing table that is specified by ipv4.route-table (JIRA:AlmaLinux-73051)
VPN connections do not support ipv4.routing-rules settings (JIRA:AlmaLinux-73052)

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-adsl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-bluetooth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-cloud-setup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-config-connectivity-redhat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-config-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-dispatcher-routing-rules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-initscripts-updown"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-libnm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-libnm-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-ovs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-ppp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-team"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-tui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-wifi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "NetworkManager-wwan"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.40.16-18.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "Security and Bug Fix(es):  \n\n  * NetworkManager: DHCP routing options can manipulate interface-based VPN traffic (CVE-2024-3661)\n  * Route to VPN server not stored in routing table that is specified by ipv4.route-table (JIRA:AlmaLinux-73051)\n  * VPN connections do not support ipv4.routing-rules settings (JIRA:AlmaLinux-73052)\n\n\n",
  "id": "ALSA-2025:0288",
  "modified": "2025-01-13T21:27:29Z",
  "published": "2025-01-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:0288"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3661"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2025-0288.html"
    }
  ],
  "related": [
    "CVE-2024-3661"
  ],
  "summary": "Moderate: Bug fix of NetworkManager"
}

CVE-2024-3661

Vulnerability from osv_almalinux

Published

2025-01-16 00:00

Modified

2025-01-17 21:14

Summary

Moderate: Security and bug fixes for NetworkManager

Details

NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.

Security and bug fix(es):

Routes in table different to main are not deleted on reapply [almalinux-9.5.z] (JIRA:AlmaLinux-73013)
Route to VPN server not stored in routing table that is specified by ipv4.route-table [almalinux-9.5.z] (JIRA:AlmaLinux-73166)
VPN connections do not support ipv4.routing-rules settings [almalinux-9.5.z] (JIRA:AlmaLinux-73167)
CVE-2024-3661 NetworkManager: DHCP routing options can manipulate interface-based VPN traffic [almalinux-9.5.z] (JIRA:AlmaLinux-64726)

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-adsl"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-bluetooth"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-cloud-setup"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-config-connectivity-redhat"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-config-server"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-dispatcher-routing-rules"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-initscripts-updown"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-libnm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-libnm-devel"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-ovs"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-ppp"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-team"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-tui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-wifi"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "NetworkManager-wwan"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1:1.48.10-5.el9_5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "NetworkManager is a system network service that manages network devices and connections, attempting to keep active network connectivity when available. Its capabilities include managing Ethernet, wireless, mobile broadband (WWAN), and PPPoE devices, as well as providing VPN integration with a variety of different VPN services.  \n\nSecurity and bug fix(es):  \n\n  * Routes in table different to main are not deleted on reapply [almalinux-9.5.z] (JIRA:AlmaLinux-73013)\n  * Route to VPN server not stored in routing table that is specified by ipv4.route-table [almalinux-9.5.z] (JIRA:AlmaLinux-73166)\n  * VPN connections do not support ipv4.routing-rules settings [almalinux-9.5.z] (JIRA:AlmaLinux-73167)\n  * CVE-2024-3661 NetworkManager: DHCP routing options can manipulate interface-based VPN traffic [almalinux-9.5.z] (JIRA:AlmaLinux-64726)\n\n\n",
  "id": "ALSA-2025:0377",
  "modified": "2025-01-17T21:14:16Z",
  "published": "2025-01-16T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2025:0377"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2024-3661"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2025-0377.html"
    }
  ],
  "related": [
    "CVE-2024-3661"
  ],
  "summary": "Moderate: Security and bug fixes for NetworkManager"
}

GHSA-JCV7-6V4Q-4M7X

Vulnerability from github – Published: 2024-05-06 21:30 – Updated: 2024-07-01 15:31

Details

By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks.

Severity ?

8.8 (High)


                  
                    CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-3661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-306"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-06T19:15:11Z",
    "severity": "HIGH"
  },
  "details": "By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks.\n",
  "id": "GHSA-jcv7-6v4q-4m7x",
  "modified": "2024-07-01T15:31:59Z",
  "published": "2024-05-06T21:30:38Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3661"
    },
    {
      "type": "WEB",
      "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
    },
    {
      "type": "WEB",
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
    },
    {
      "type": "WEB",
      "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp"
    },
    {
      "type": "WEB",
      "url": "https://www.leviathansecurity.com/research/tunnelvision"
    },
    {
      "type": "WEB",
      "url": "https://www.leviathansecurity.com/blog/tunnelvision"
    },
    {
      "type": "WEB",
      "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
    },
    {
      "type": "WEB",
      "url": "https://tunnelvisionbug.com"
    },
    {
      "type": "WEB",
      "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
    },
    {
      "type": "WEB",
      "url": "https://security.paloaltonetworks.com/CVE-2024-3661"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=40284111"
    },
    {
      "type": "WEB",
      "url": "https://news.ycombinator.com/item?id=40279632"
    },
    {
      "type": "WEB",
      "url": "https://my.f5.com/manage/s/article/K000139553"
    },
    {
      "type": "WEB",
      "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
    },
    {
      "type": "WEB",
      "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
    },
    {
      "type": "WEB",
      "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims"
    },
    {
      "type": "WEB",
      "url": "https://issuetracker.google.com/issues/263721377"
    },
    {
      "type": "WEB",
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
    },
    {
      "type": "WEB",
      "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
    },
    {
      "type": "WEB",
      "url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
    },
    {
      "type": "WEB",
      "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-3661

Vulnerability from gsd - Updated: 2024-04-12 05:02

Details

** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Aliases

CVE-2024-3661

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-3661"
      ],
      "id": "GSD-2024-3661",
      "modified": "2024-04-12T05:02:29.334294Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2024-3661",
        "STATE": "RESERVED"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
          }
        ]
      }
    }
  }
}

CVE-2024-3661

Vulnerability from fstec - Published: 06.05.2024

Title

Уязвимость реализации протокола DHCP, связанная с отсутствием аутентификации для критичной функции, позволяющая нарушителю манипулировать маршрутами для перенаправления VPN-трафика

Description

Уязвимость реализации протокола DHCP связана с отсутствием аутентификации для критичной функции. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, манипулировать маршрутами для перенаправления VPN-трафика

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vendor

Сообщество свободного программного обеспечения, Microsoft Corp, Apple Inc., ООО «НЦПР»

Software Name

Linux, Windows, MacOS, iOS, МСВСфера

Software Version

- (Linux), - (Windows), - (MacOS), - (iOS), 9.5 (МСВСфера)

Possible Mitigations

Компенсирующие меры: - отслеживание DHCP-трафика - активация функций ARP-защиты - ограничение доступа к DHCP-серверу доверенными IP-адресами - отключение опции 121 «Бесклассовые статические маршруты» для DHCP-сервера при использовании в сети VPN ( конкретная команда или последовательность действий зависят от операционной системы и модели применяемого оборудования); использование средств межсетевого экранирования для ограничения возможности удалённого доступа к устройствам; - использование систем обнаружения и предотвращения вторжений для контроля попыток подключения к устройствам. Для МСВСфера: https://errata.msvsphere-os.ru/definition/9/INFCESA-2025:0006?lang=ru

Reference

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-pose/ https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision https://news.ycombinator.com/item?id=40279632 https://news.ycombinator.com/item?id=40284111 https://tunnelvisionbug.com/ https://www.agwa.name/blog/post/hardening_openvpn_for_def_con https://www.leviathansecurity.com/research/tunnelvision https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability https://errata.msvsphere-os.ru/definition/9/INFCESA-2025:0006?lang=ru

CWE

CWE-306, CWE-501

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, Microsoft Corp, Apple Inc., \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "- (Linux), - (Windows), - (MacOS), - (iOS), 9.5 (\u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041a\u043e\u043c\u043f\u0435\u043d\u0441\u0438\u0440\u0443\u044e\u0449\u0438\u0435 \u043c\u0435\u0440\u044b:\n- \u043e\u0442\u0441\u043b\u0435\u0436\u0438\u0432\u0430\u043d\u0438\u0435 DHCP-\u0442\u0440\u0430\u0444\u0438\u043a\u0430\n- \u0430\u043a\u0442\u0438\u0432\u0430\u0446\u0438\u044f \u0444\u0443\u043d\u043a\u0446\u0438\u0439 ARP-\u0437\u0430\u0449\u0438\u0442\u044b\n- \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a DHCP-\u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0434\u043e\u0432\u0435\u0440\u0435\u043d\u043d\u044b\u043c\u0438 IP-\u0430\u0434\u0440\u0435\u0441\u0430\u043c\u0438\n- \u043e\u0442\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u043e\u043f\u0446\u0438\u0438 121 \u00ab\u0411\u0435\u0441\u043a\u043b\u0430\u0441\u0441\u043e\u0432\u044b\u0435 \u0441\u0442\u0430\u0442\u0438\u0447\u0435\u0441\u043a\u0438\u0435 \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u044b\u00bb \u0434\u043b\u044f DHCP-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 \u043f\u0440\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0438 \u0432 \u0441\u0435\u0442\u0438 VPN ( \u043a\u043e\u043d\u043a\u0440\u0435\u0442\u043d\u0430\u044f \u043a\u043e\u043c\u0430\u043d\u0434\u0430 \u0438\u043b\u0438 \u043f\u043e\u0441\u043b\u0435\u0434\u043e\u0432\u0430\u0442\u0435\u043b\u044c\u043d\u043e\u0441\u0442\u044c \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0439 \u0437\u0430\u0432\u0438\u0441\u044f\u0442 \u043e\u0442 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0438 \u043c\u043e\u0434\u0435\u043b\u0438 \u043f\u0440\u0438\u043c\u0435\u043d\u044f\u0435\u043c\u043e\u0433\u043e \u043e\u0431\u043e\u0440\u0443\u0434\u043e\u0432\u0430\u043d\u0438\u044f);\n\u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432 \u043c\u0435\u0436\u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u044d\u043a\u0440\u0430\u043d\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0434\u043b\u044f \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u044f \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e\u0441\u0442\u0438 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e\u0433\u043e \u0434\u043e\u0441\u0442\u0443\u043f\u0430 \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c;\n- \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u0431\u043d\u0430\u0440\u0443\u0436\u0435\u043d\u0438\u044f \u0438 \u043f\u0440\u0435\u0434\u043e\u0442\u0432\u0440\u0430\u0449\u0435\u043d\u0438\u044f \u0432\u0442\u043e\u0440\u0436\u0435\u043d\u0438\u0439 \u0434\u043b\u044f \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u043f\u043e\u043f\u044b\u0442\u043e\u043a \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0443\u0441\u0442\u0440\u043e\u0439\u0441\u0442\u0432\u0430\u043c.\n\n\u0414\u043b\u044f \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430: https://errata.msvsphere-os.ru/definition/9/INFCESA-2025:0006?lang=ru",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "06.05.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.11.2025",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "13.05.2024",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2024-03571",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2024-3661",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Linux, Windows, MacOS, iOS, \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux - , Microsoft Corp Windows - , Apple Inc. MacOS - , Apple Inc. iOS - , \u041e\u041e\u041e \u00ab\u041d\u0426\u041f\u0420\u00bb \u041c\u0421\u0412\u0421\u0444\u0435\u0440\u0430 9.5 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DHCP, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f VPN-\u0442\u0440\u0430\u0444\u0438\u043a\u0430",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438 (CWE-306), \u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0434\u043e\u0432\u0435\u0440\u0438\u044f (CWE-501)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0440\u0435\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 DHCP \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438 \u0434\u043b\u044f \u043a\u0440\u0438\u0442\u0438\u0447\u043d\u043e\u0439 \u0444\u0443\u043d\u043a\u0446\u0438\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043c\u0430\u0440\u0448\u0440\u0443\u0442\u0430\u043c\u0438 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f VPN-\u0442\u0440\u0430\u0444\u0438\u043a\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "\u0410\u0442\u0430\u043a\u0430 \u043c\u043e\u0436\u0435\u0442 \u0431\u044b\u0442\u044c \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u0435\u043d\u0430 \u0432 \u043b\u044e\u0431\u044b\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c\u0430\u0445, \u043f\u043e\u0434\u0434\u0435\u0440\u0436\u0438\u0432\u0430\u044e\u0449\u0438\u0445 121 \u043e\u043f\u0446\u0438\u044e DHCP, \u0432\u043a\u043b\u044e\u0447\u0430\u044f Linux, Windows, iOS \u0438 macOS, \u043d\u0435\u0437\u0430\u0432\u0438\u0441\u0438\u043c\u043e \u043e\u0442 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0433\u043e \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 VPN.",
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0440\u0433\u0430\u043d\u0438\u0437\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0435 \u043c\u0435\u0440\u044b",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0443\u0442\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-pose/\nhttps://datatracker.ietf.org/doc/html/rfc2131#section-7\nhttps://datatracker.ietf.org/doc/html/rfc3442#section-7\nhttps://issuetracker.google.com/issues/263721377\nhttps://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/\nhttps://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic\nhttps://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision\nhttps://news.ycombinator.com/item?id=40279632\nhttps://news.ycombinator.com/item?id=40284111\nhttps://tunnelvisionbug.com/\nhttps://www.agwa.name/blog/post/hardening_openvpn_for_def_con\nhttps://www.leviathansecurity.com/research/tunnelvision\nhttps://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability\nhttps://errata.msvsphere-os.ru/definition/9/INFCESA-2025:0006?lang=ru",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-306, CWE-501",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.1 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-3661 (GCVE-0-2024-3661)

Solutions

Solutions

Solutions

Solutions

Solution

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Tags

Sightings

Nomenclature