All the vulnerabilites related to IETF - DHCP
cve-2024-3661
Vulnerability from cvelistv5
Published
2024-05-06 18:31
Modified
2024-08-28 19:09
Severity ?
EPSS score ?
Summary
DHCP routing options can manipulate interface-based VPN traffic
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:00.420Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
},
{
"tags": [
"x_transferred"
],
"url": "https://tunnelvisionbug.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"tags": [
"x_transferred"
],
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"tags": [
"x_transferred"
],
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"tags": [
"x_transferred"
],
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"tags": [
"x_transferred"
],
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
},
{
"tags": [
"x_transferred"
],
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"tags": [
"x_transferred"
],
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
},
{
"tags": [
"x_transferred"
],
"url": "https://security.paloaltonetworks.com/CVE-2024-3661"
},
{
"tags": [
"x_transferred"
],
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
},
{
"tags": [
"x_transferred"
],
"url": "https://my.f5.com/manage/s/article/K000139553"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3661",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-08T04:00:07.962328Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-28T19:09:06.995Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "DHCP",
"vendor": "IETF",
"versions": [
{
"status": "affected",
"version": "0"
}
]
}
],
"datePublic": "2002-12-31T01:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}
],
"value": "DHCP can add routes to a client\u2019s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-501",
"description": "CWE-501 Trust Boundary Violation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-01T15:04:50.790Z",
"orgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"shortName": "cisa-cg"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/html/rfc2131#section-7"
},
{
"url": "https://datatracker.ietf.org/doc/html/rfc3442#section-7"
},
{
"url": "https://tunnelvisionbug.com/"
},
{
"url": "https://www.leviathansecurity.com/research/tunnelvision"
},
{
"url": "https://news.ycombinator.com/item?id=40279632"
},
{
"url": "https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/"
},
{
"url": "https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/"
},
{
"url": "https://issuetracker.google.com/issues/263721377"
},
{
"url": "https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision"
},
{
"url": "https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability"
},
{
"url": "https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic"
},
{
"url": "https://news.ycombinator.com/item?id=40284111"
},
{
"url": "https://www.agwa.name/blog/post/hardening_openvpn_for_def_con"
},
{
"url": "https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/"
},
{
"url": "https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661"
},
{
"url": "https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009"
},
{
"url": "https://bst.cisco.com/quickview/bug/CSCwk05814"
},
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3661"
},
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-170"
},
{
"url": "https://my.f5.com/manage/s/article/K000139553"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "DHCP routing options can manipulate interface-based VPN traffic",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "9119a7d8-5eab-497f-8521-727c672e3725",
"assignerShortName": "cisa-cg",
"cveId": "CVE-2024-3661",
"datePublished": "2024-05-06T18:31:21.217Z",
"dateReserved": "2024-04-11T17:24:22.637Z",
"dateUpdated": "2024-08-28T19:09:06.995Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}