ID

VAR-202405-0458


CVE

CVE-2024-3661


DESCRIPTION

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

Trust: 1.0

sources: NVD: CVE-2024-3661

AFFECTED PRODUCTS

vendor: f5, model: big-ip access policy manager, scope: lte, version: 7.2.5

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 15.1.0

Trust: 1.0

vendor: zscaler, model: client connector, scope: lt, version: 4.2.0.282

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 17.1.2

Trust: 1.0

vendor: zscaler, model: client connector, scope: lt, version: 3.7.0.134

Trust: 1.0

vendor: watchguard, model: ipsec mobile vpn client, scope: eq, version: *

Trust: 1.0

vendor: fortinet, model: forticlient, scope: eq, version: 7.4.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 17.1.0

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 15.1.10

Trust: 1.0

vendor: paloaltonetworks, model: globalprotect, scope: eq, version: *

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: lte, version: 16.1.5

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 7.2.3

Trust: 1.0

vendor: zscaler, model: client connector, scope: gte, version: 3.7

Trust: 1.0

vendor: zscaler, model: client connector, scope: lt, version: 1.5.1.25

Trust: 1.0

vendor: cisco, model: secure client, scope: eq, version: -

Trust: 1.0

vendor: fortinet, model: forticlient, scope: lt, version: 7.2.5

Trust: 1.0

vendor: watchguard, model: mobile vpn with ssl, scope: eq, version: *

Trust: 1.0

vendor: cisco, model: anyconnect vpn client, scope: eq, version: -

Trust: 1.0

vendor: citrix, model: secure access client, scope: lt, version: 24.06.1

Trust: 1.0

vendor: f5, model: big-ip access policy manager, scope: gte, version: 16.1.0

Trust: 1.0

vendor: zscaler, model: client connector, scope: eq, version: -

Trust: 1.0

vendor: fortinet, model: forticlient, scope: gte, version: 6.4.0

Trust: 1.0

vendor: citrix, model: secure access client, scope: lt, version: 24.8.5

Trust: 1.0

sources: NVD: CVE-2024-3661

CVSS

SEVERITY

CVSSV2

CVSSV3

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-3661
value: HIGH

Trust: 1.0

nvd@nist.gov: CVE-2024-3661
value: HIGH

Trust: 1.0

9119a7d8-5eab-497f-8521-727c672e3725: CVE-2024-3661
baseSeverity: HIGH
baseScore: 7.6
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: LOW
exploitabilityScore: 2.8
impactScore: 4.7
version: 3.1

Trust: 2.0

sources: NVD: CVE-2024-3661 // NVD: CVE-2024-3661

PROBLEMTYPE DATA

problemtype:CWE-501

Trust: 1.0

problemtype:CWE-306

Trust: 1.0

sources: NVD: CVE-2024-3661

EXTERNAL IDS

db: NVD, id: CVE-2024-3661

Trust: 1.0

sources: NVD: CVE-2024-3661

REFERENCES

url:https://datatracker.ietf.org/doc/html/rfc2131#section-7

Trust: 1.0

url:https://www.leviathansecurity.com/research/tunnelvision

Trust: 1.0

url:https://news.ycombinator.com/item?id=40284111

Trust: 1.0

url:https://fortiguard.fortinet.com/psirt/fg-ir-24-170

Trust: 1.0

url:https://bst.cisco.com/quickview/bug/cscwk05814

Trust: 1.0

url:https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic

Trust: 1.0

url:https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision

Trust: 1.0

url:https://tunnelvisionbug.com/

Trust: 1.0

url:https://security.paloaltonetworks.com/cve-2024-3661

Trust: 1.0

url:https://www.agwa.name/blog/post/hardening_openvpn_for_def_con

Trust: 1.0

url:https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/

Trust: 1.0

url:https://issuetracker.google.com/issues/263721377

Trust: 1.0

url:https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/

Trust: 1.0

url:https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009

Trust: 1.0

url:https://news.ycombinator.com/item?id=40279632

Trust: 1.0

url:https://support.citrix.com/article/ctx677069/cloud-software-group-security-advisory-for-cve20243661

Trust: 1.0

url:https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/

Trust: 1.0

url:https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability

Trust: 1.0

url:https://my.f5.com/manage/s/article/k000139553

Trust: 1.0

url:https://datatracker.ietf.org/doc/html/rfc3442#section-7

Trust: 1.0

sources: NVD: CVE-2024-3661

SOURCES

db: NVD, id: CVE-2024-3661

LAST UPDATE DATE

2025-01-15T23:06:15.378000+00:00


SOURCES UPDATE DATE

db: NVD, id: CVE-2024-3661, date: 2025-01-15T16:50:28.667

SOURCES RELEASE DATE

db: NVD, id: CVE-2024-3661, date: 2024-05-06T19:15:11.027