nvd-json-data-feeds/CVE-2024/CVE-2024-36xx/CVE-2024-3661.json

{
  "id": "CVE-2024-3661",
  "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
  "published": "2024-05-06T19:15:11.027",
  "lastModified": "2024-11-21T09:30:07.610",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
    },
    {
      "lang": "es",
      "value": "Por dise\u00f1o, el protocolo DHCP no autentica mensajes, incluida, por ejemplo, la opci\u00f3n de ruta est\u00e1tica sin clases (121). Un atacante con la capacidad de enviar mensajes DHCP puede manipular rutas para redirigir el tr\u00e1fico VPN, lo que le permite leer, interrumpir o posiblemente modificar el tr\u00e1fico de red que se esperaba que estuviera protegido por la VPN. Muchos, si no la mayor\u00eda, de los sistemas VPN basados en enrutamiento IP son susceptibles a este tipo de ataques."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "9119a7d8-5eab-497f-8521-727c672e3725",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
          "baseScore": 7.6,
          "baseSeverity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "9119a7d8-5eab-497f-8521-727c672e3725",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        },
        {
          "lang": "en",
          "value": "CWE-501"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://bst.cisco.com/quickview/bug/CSCwk05814",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://issuetracker.google.com/issues/263721377",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://my.f5.com/manage/s/article/K000139553",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://news.ycombinator.com/item?id=40279632",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://news.ycombinator.com/item?id=40284111",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://security.paloaltonetworks.com/CVE-2024-3661",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://tunnelvisionbug.com/",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://www.leviathansecurity.com/research/tunnelvision",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability",
      "source": "9119a7d8-5eab-497f-8521-727c672e3725"
    },
    {
      "url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://bst.cisco.com/quickview/bug/CSCwk05814",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://issuetracker.google.com/issues/263721377",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://my.f5.com/manage/s/article/K000139553",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://news.ycombinator.com/item?id=40279632",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://news.ycombinator.com/item?id=40284111",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://security.paloaltonetworks.com/CVE-2024-3661",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://tunnelvisionbug.com/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://www.leviathansecurity.com/research/tunnelvision",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    },
    {
      "url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability",
      "source": "af854a3a-2127-422b-91ae-364da2661108"
    }
  ]
}
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`{`
			`"id": "CVE-2024-3661",`
			`"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",`
			`"published": "2024-05-06T19:15:11.027",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"lastModified": "2024-11-21T09:30:07.610",`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`"vulnStatus": "Awaiting Analysis",`
Auto-Update: 2024-07-01T20:01:26.920930+00:00 2024-07-01 20:04:24 +00:00			`"cveTags": [],`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`"descriptions": [`
			`{`
			`"lang": "en",`
Auto-Update: 2024-05-08T18:00:38.537051+00:00 2024-05-08 18:03:29 +00:00			`"value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."`
Auto-Update: 2024-05-07T20:00:38.106815+00:00 2024-05-07 20:03:28 +00:00			`},`
			`{`
			`"lang": "es",`
			"value": "Por dise\u00f1o, el protocolo DHCP no autentica mensajes, incluida, por ejemplo, la opci\u00f3n de ruta est\u00e1tica sin clases (121). Un atacante con la capacidad de enviar mensajes DHCP puede manipular rutas para redirigir el tr\u00e1fico VPN, lo que le permite leer, interrumpir o posiblemente modificar el tr\u00e1fico de red que se esperaba que estuviera protegido por la VPN. Muchos, si no la mayor\u00eda, de los sistemas VPN basados en enrutamiento IP son susceptibles a este tipo de ataques."
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`}`
			`],`
			`"metrics": {`
			`"cvssMetricV31": [`
			`{`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725",`
			`"type": "Secondary",`
			`"cvssData": {`
			`"version": "3.1",`
Auto-Update: 2024-05-07T02:00:29.790723+00:00 2024-05-07 02:03:21 +00:00			`"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"baseScore": 7.6,`
			`"baseSeverity": "HIGH",`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`"attackVector": "ADJACENT_NETWORK",`
			`"attackComplexity": "LOW",`
			`"privilegesRequired": "NONE",`
			`"userInteraction": "NONE",`
Auto-Update: 2024-05-07T02:00:29.790723+00:00 2024-05-07 02:03:21 +00:00			`"scope": "UNCHANGED",`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`"confidentialityImpact": "HIGH",`
			`"integrityImpact": "LOW",`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`"availabilityImpact": "LOW"`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`},`
			`"exploitabilityScore": 2.8,`
Auto-Update: 2024-05-07T02:00:29.790723+00:00 2024-05-07 02:03:21 +00:00			`"impactScore": 4.7`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`}`
			`]`
			`},`
			`"weaknesses": [`
			`{`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725",`
			`"type": "Secondary",`
			`"description": [`
			`{`
			`"lang": "en",`
			`"value": "CWE-306"`
			`},`
			`{`
			`"lang": "en",`
			`"value": "CWE-501"`
			`}`
			`]`
			`}`
			`],`
			`"references": [`
Auto-Update: 2024-05-07T20:00:38.106815+00:00 2024-05-07 20:03:28 +00:00			`{`
			`"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-07-01T20:01:26.920930+00:00 2024-07-01 20:04:24 +00:00			`{`
			`"url": "https://bst.cisco.com/quickview/bug/CSCwk05814",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`{`
			`"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
			`{`
			`"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-07-01T20:01:26.920930+00:00 2024-07-01 20:04:24 +00:00			`{`
			`"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-07T20:00:38.106815+00:00 2024-05-07 20:03:28 +00:00			`{`
			`"url": "https://issuetracker.google.com/issues/263721377",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
			`{`
			`"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
			`{`
			`"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
			`{`
			`"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-07-01T20:01:26.920930+00:00 2024-07-01 20:04:24 +00:00			`{`
			`"url": "https://my.f5.com/manage/s/article/K000139553",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-07T08:00:38.365496+00:00 2024-05-07 08:03:28 +00:00			`{`
			`"url": "https://news.ycombinator.com/item?id=40279632",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-07T20:00:38.106815+00:00 2024-05-07 20:03:28 +00:00			`{`
			`"url": "https://news.ycombinator.com/item?id=40284111",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-07-01T20:01:26.920930+00:00 2024-07-01 20:04:24 +00:00			`{`
			`"url": "https://security.paloaltonetworks.com/CVE-2024-3661",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
			`{`
			`"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`{`
Auto-Update: 2024-05-07T02:00:29.790723+00:00 2024-05-07 02:03:21 +00:00			`"url": "https://tunnelvisionbug.com/",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-07T20:00:38.106815+00:00 2024-05-07 20:03:28 +00:00			`{`
			`"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-07T02:00:29.790723+00:00 2024-05-07 02:03:21 +00:00			`{`
			`"url": "https://www.leviathansecurity.com/research/tunnelvision",`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
Auto-Update: 2024-05-07T20:00:38.106815+00:00 2024-05-07 20:03:28 +00:00			`},`
Auto-Update: 2024-05-08T23:55:29.887921+00:00 2024-05-08 23:58:22 +00:00			`{`
			`"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-07-01T20:01:26.920930+00:00 2024-07-01 20:04:24 +00:00			`{`
			`"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
			`},`
Auto-Update: 2024-05-07T20:00:38.106815+00:00 2024-05-07 20:03:28 +00:00			`{`
			`"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability",`
			`"source": "9119a7d8-5eab-497f-8521-727c672e3725"`
Auto-Update: 2024-12-08T03:00:18.988682+00:00 2024-12-08 03:06:42 +00:00			`},`
			`{`
			`"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://bst.cisco.com/quickview/bug/CSCwk05814",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://issuetracker.google.com/issues/263721377",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://my.f5.com/manage/s/article/K000139553",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://news.ycombinator.com/item?id=40279632",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://news.ycombinator.com/item?id=40284111",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://security.paloaltonetworks.com/CVE-2024-3661",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://tunnelvisionbug.com/",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://www.leviathansecurity.com/research/tunnelvision",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
			`},`
			`{`
			`"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability",`
			`"source": "af854a3a-2127-422b-91ae-364da2661108"`
Auto-Update: 2024-05-06T20:00:37.460541+00:00 2024-05-06 20:03:28 +00:00			`}`
			`]`
			`}`