admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 01:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-36xx/CVE-2024-3661.json
cad-safe-bot a5a50d623f Auto-Update: 2025-01-15T17:00:40.271600+00:00
2025-01-15 17:04:07 +00:00

640 lines
20 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-3661",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-05-06T19:15:11.027",
"lastModified": "2025-01-15T16:50:28.667",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
},
{
"lang": "es",
"value": "Por dise\u00f1o, el protocolo DHCP no autentica mensajes, incluida, por ejemplo, la opci\u00f3n de ruta est\u00e1tica sin clases (121). Un atacante con la capacidad de enviar mensajes DHCP puede manipular rutas para redirigir el tr\u00e1fico VPN, lo que le permite leer, interrumpir o posiblemente modificar el tr\u00e1fico de red que se esperaba que estuviera protegido por la VPN. Muchos, si no la mayor\u00eda, de los sistemas VPN basados en enrutamiento IP son susceptibles a este tipo de ataques."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
},
{
"lang": "en",
"value": "CWE-501"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "F0918F54-0052-42BD-A73E-CFF198B9EC48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "81B7F626-84B5-47A5-959F-735D6250C147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "5E714EAF-73AB-41EA-AC57-E59B78FD7853"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:linux:*:*",
"matchCriteriaId": "7B728862-1FAB-47B4-823D-2C19CBF76DAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:macos:*:*",
"matchCriteriaId": "0A079CA4-D957-402A-B899-31F26A89DF00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:*",
"matchCriteriaId": "6B512696-8596-4458-ADC9-24DD3C6C377B"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:anyconnect_vpn_client:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59289E79-5A0A-4675-B7D4-C759401736A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:secure_client:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE81F5D2-269B-4098-AA9F-2DBCA3CB8813"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:*",
"matchCriteriaId": "8EEBB31D-BC9C-4EAD-86B1-8B95AB118A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:*",
"matchCriteriaId": "4814D5DB-A96C-4D91-9DAE-87FF0DA101D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "72F88FEB-766B-4FCD-B78E-0E8E5E2B5CCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "D5537140-CDA3-4410-B101-24D1AB3624EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.06.1",
"matchCriteriaId": "CB344FC1-AD7C-4988-A703-8B2CD0AEF57C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.8.5",
"matchCriteriaId": "697D4070-101A-45B1-99B1-F33ECF03945C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.3",
"versionEndIncluding": "7.2.5",
"matchCriteriaId": "FB16CE4D-183C-44B9-A5FF-6F9FA3C0A618"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.10",
"matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndIncluding": "16.1.5",
"matchCriteriaId": "E8FEC1DE-D11F-4DC8-8B21-51BAF1731A5F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndIncluding": "17.1.2",
"matchCriteriaId": "9DE3A941-B898-4EAB-9073-C6A312E59FC5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "FFB4A7FD-AC96-490D-9CBB-72166D46C4FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "2EAD2DBA-3038-4EF8-8BAE-80BD3DA97B33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:macos:*:*",
"matchCriteriaId": "AB8A39F6-8AD5-4B9D-92E4-7E28EE78C5B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:windows:*:*",
"matchCriteriaId": "0AF97158-6BB8-47CA-8214-98D2F801C8BA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"versionEndExcluding": "1.5.1.25",
"matchCriteriaId": "1F206869-8FCE-40AE-ADDC-62F221E00004"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*",
"versionEndExcluding": "4.2.0.282",
"matchCriteriaId": "7D37D825-E2B8-4924-AA8A-ACB0E08A3C61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"versionStartIncluding": "3.7",
"versionEndExcluding": "3.7.0.134",
"matchCriteriaId": "4EC77FDF-1E1A-4638-9C9F-DA4205FDD69B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*",
"matchCriteriaId": "C057E1BC-C7BA-4EAF-8200-560035118FA0"
}
]
}
]
}
],
"references": [
{
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage"
]
},
{
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Related"
]
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Related"
]
},
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://issuetracker.google.com/issues/263721377",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage"
]
},
{
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000139553",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://news.ycombinator.com/item?id=40279632",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://news.ycombinator.com/item?id=40284111",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3661",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://tunnelvisionbug.com/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Related"
]
},
{
"url": "https://www.leviathansecurity.com/research/tunnelvision",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Press/Media Coverage"
]
},
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability",
"source": "9119a7d8-5eab-497f-8521-727c672e3725",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Press/Media Coverage"
]
},
{
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Related"
]
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Related"
]
},
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://issuetracker.google.com/issues/263721377",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Press/Media Coverage"
]
},
{
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000139553",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://news.ycombinator.com/item?id=40279632",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://news.ycombinator.com/item?id=40284111",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3661",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://tunnelvisionbug.com/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Related"
]
},
{
"url": "https://www.leviathansecurity.com/research/tunnelvision",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Press/Media Coverage"
]
},
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mitigation",
"Vendor Advisory"
]
},
{
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink