How severe is CVE-2024-3661?

CVE-2024-3661 has a CVSS v3 score of 7.6 (HIGH).

CVE-2024-3661

Name: forticlient
Author: fortinet

7.6HIGH

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the

Veröffentlicht: 5/6/2024Aktualisiert: 1/15/2025

Beschreibung

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

KI-AnalyseKI-gestützt

Betroffene Produkte

fortinetforticlient

7.4.0

fortinetforticlient

7.4.0

fortinetforticlient

7.4.0

ciscoanyconnect_vpn_client

ciscosecure_client

paloaltonetworksglobalprotect

citrixsecure_access_client

appleiphone_os

applemacos

citrixsecure_access_client

linuxlinux_kernel

f5big-ip_access_policy_manager

watchguardipsec_mobile_vpn_client

watchguardmobile_vpn_with_ssl

zscalerclient_connector

Referenzen

https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
ExploitPress/Media Coverage
https://bst.cisco.com/quickview/bug/CSCwk05814
Third Party AdvisoryVendor Advisory
https://datatracker.ietf.org/doc/html/rfc2131#section-7
Related
https://datatracker.ietf.org/doc/html/rfc3442#section-7
Related
https://fortiguard.fortinet.com/psirt/FG-IR-24-170
Vendor Advisory
https://issuetracker.google.com/issues/263721377
Issue Tracking
https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
ExploitPress/Media Coverage
https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic
Issue Tracking
https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
Third Party Advisory
https://my.f5.com/manage/s/article/K000139553
Vendor Advisory
https://news.ycombinator.com/item?id=40279632
Issue Tracking
https://news.ycombinator.com/item?id=40284111
Issue Tracking
https://security.paloaltonetworks.com/CVE-2024-3661
Vendor Advisory
https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661
Vendor Advisory
https://tunnelvisionbug.com/
ExploitThird Party Advisory
https://www.agwa.name/blog/post/hardening_openvpn_for_def_con
Related
https://www.leviathansecurity.com/research/tunnelvision
Third Party Advisory
https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/
ExploitPress/Media Coverage
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009
MitigationThird Party AdvisoryVendor Advisory
https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability
ExploitThird Party AdvisoryVendor Advisory