- Description
- DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
- Source
- 9119a7d8-5eab-497f-8521-727c672e3725
- NVD status
- Analyzed
CVSS 3.1
- Type
- Primary
- Base score
- 7.6
- Impact score
- 4.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
- Severity
- HIGH
- Hype score
- Not currently trending
"TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak". #VPN #Decloaking https://t.co/G7YIV0Y0EA
@bitsbythebyte
27 Jan 2025
9 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Harsh presents TunnelVision (cve-2024-3661) #owasp #ottawa https://t.co/kvxXhQHXTI
@OWASP_Ottawa
85 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "F0918F54-0052-42BD-A73E-CFF198B9EC48",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "81B7F626-84B5-47A5-959F-735D6250C147",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "5E714EAF-73AB-41EA-AC57-E59B78FD7853",
"versionEndExcluding": "7.2.5",
"versionStartIncluding": "6.4.0"
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "7B728862-1FAB-47B4-823D-2C19CBF76DAD"
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "0A079CA4-D957-402A-B899-31F26A89DF00"
},
{
"criteria": "cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "6B512696-8596-4458-ADC9-24DD3C6C377B"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cisco:anyconnect_vpn_client:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "59289E79-5A0A-4675-B7D4-C759401736A9"
},
{
"criteria": "cpe:2.3:a:cisco:secure_client:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FE81F5D2-269B-4098-AA9F-2DBCA3CB8813"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:*",
"vulnerable": true,
"matchCriteriaId": "8EEBB31D-BC9C-4EAD-86B1-8B95AB118A2D"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "4814D5DB-A96C-4D91-9DAE-87FF0DA101D2"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "72F88FEB-766B-4FCD-B78E-0E8E5E2B5CCA"
},
{
"criteria": "cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "D5537140-CDA3-4410-B101-24D1AB3624EA"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CB344FC1-AD7C-4988-A703-8B2CD0AEF57C",
"versionEndExcluding": "24.06.1"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "B5415705-33E5-46D5-8E4D-9EBADC8C5705"
},
{
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "697D4070-101A-45B1-99B1-F33ECF03945C",
"versionEndExcluding": "24.8.5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FB16CE4D-183C-44B9-A5FF-6F9FA3C0A618",
"versionEndIncluding": "7.2.5",
"versionStartIncluding": "7.2.3"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A7F605E-EB10-40FB-98D6-7E3A95E310BC",
"versionEndIncluding": "15.1.10",
"versionStartIncluding": "15.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8FEC1DE-D11F-4DC8-8B21-51BAF1731A5F",
"versionEndIncluding": "16.1.5",
"versionStartIncluding": "16.1.0"
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DE3A941-B898-4EAB-9073-C6A312E59FC5",
"versionEndIncluding": "17.1.2",
"versionStartIncluding": "17.1.0"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "FFB4A7FD-AC96-490D-9CBB-72166D46C4FD"
},
{
"criteria": "cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "2EAD2DBA-3038-4EF8-8BAE-80BD3DA97B33"
},
{
"criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "AB8A39F6-8AD5-4B9D-92E4-7E28EE78C5B2"
},
{
"criteria": "cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "0AF97158-6BB8-47CA-8214-98D2F801C8BA"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "1F206869-8FCE-40AE-ADDC-62F221E00004",
"versionEndExcluding": "1.5.1.25"
},
{
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:*",
"vulnerable": true,
"matchCriteriaId": "7D37D825-E2B8-4924-AA8A-ACB0E08A3C61",
"versionEndExcluding": "4.2.0.282"
},
{
"criteria": "cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:*",
"vulnerable": true,
"matchCriteriaId": "4EC77FDF-1E1A-4638-9C9F-DA4205FDD69B",
"versionEndExcluding": "3.7.0.134",
"versionStartIncluding": "3.7"
},
{
"criteria": "cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:*",
"vulnerable": true,
"matchCriteriaId": "C057E1BC-C7BA-4EAF-8200-560035118FA0"
}
],
"operator": "OR"
}
]
}
]