QwikSec

Security Database

CVE

CWE

Training

CVE-2024-3661

Published: May 6, 2024

Modified: Aug 28, 2024

PUBLISHED

CVSS v3.1

7.6

HIGH

Description

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

Vendor	Product	Versions
IETF	DHCP	affected `0`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

Low

Availability

Low

References

https://datatracker.ietf.org/doc/html/rfc2131#section-7

https://datatracker.ietf.org/doc/html/rfc3442#section-7

https://tunnelvisionbug.com/

https://www.leviathansecurity.com/research/tunnelvision

https://news.ycombinator.com/item?id=40279632

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

https://issuetracker.google.com/issues/263721377

https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision

https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability

https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic

https://news.ycombinator.com/item?id=40284111

https://www.agwa.name/blog/post/hardening_openvpn_for_def_con

https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/

https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661

https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009

https://bst.cisco.com/quickview/bug/CSCwk05814

https://security.paloaltonetworks.com/CVE-2024-3661

https://fortiguard.fortinet.com/psirt/FG-IR-24-170

https://my.f5.com/manage/s/article/K000139553

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.