CVE-2024-3661

CVSS V2 None CVSS V3 None

Description

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

Overview

CVE ID
CVE-2024-3661

Assigner
cisa-cg

Vulnerability Status
PUBLISHED

Published Version
2024-05-06T18:31:21.217Z

Last Modified Date
2024-05-08T16:23:17.978Z

Weakness Enumerations

CWE	URL
CWE-306	http://cwe.mitre.org/data/definitions/306.html
CWE-501	http://cwe.mitre.org/data/definitions/501.html

References

Reference URL	Reference Tags
https://datatracker.ietf.org/doc/html/rfc2131#section-7
https://datatracker.ietf.org/doc/html/rfc3442#section-7
https://tunnelvisionbug.com/
https://www.leviathansecurity.com/research/tunnelvision
https://news.ycombinator.com/item?id=40279632
https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
https://issuetracker.google.com/issues/263721377
https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability
https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic
https://news.ycombinator.com/item?id=40284111
https://www.agwa.name/blog/post/hardening_openvpn_for_def_con
https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-3661
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3661

History

Created	Old Value	New Value	Data Type	Notes
2024-06-23 23:50:36				Added to TrackCVE