DHCP Vulnerability Allows Attackers to Manipulate VPN Traffic
CVE-2024-3661

7.6HIGH

Key Information:

Vendor
Ietf
Status
Dhcp
Vendor
CVE Published:
6 May 2024

Badges

🥇 Trended No. 1📈 Trended📈 Score: 8,020👾 Exploit Exists📰 News Worthy

What is CVE-2024-3661?

CVE-2024-3661 is a significant vulnerability associated with the DHCP configuration in networking environments. This vulnerability can permit attackers within the same local network to manipulate VPN traffic, creating avenues for interception and modification of data that is intended to be secure. By leveraging this vulnerability, which affects VPN solutions reliant on DHCP for routing, malicious actors can potentially reroute traffic over unsecured channels, undermining the privacy and security provided by the VPN. This poses a critical risk to organizations that depend on VPN technologies for secure communications, as sensitive data may become exposed to unauthorized access or tampering.

Technical Details

CVE-2024-3661 exploits the classless static route option (121) in the DHCP protocol. This option allows DHCP servers to include routing information that can change a client’s routing table. By manipulating DHCP responses, an attacker can effectively instruct a client to redirect VPN-bound traffic to a public or insecure interface, thus bypassing the usual protections of the VPN. This attack does not require sophisticated tools or extensive access; an attacker merely needs to be present on the same local network. The vulnerability primarily impacts VPN applications that depend on these routes and can lead to critical security weaknesses in an organization's network architecture.

Impact of the Vulnerability

  1. Traffic Interception: The ability to redirect VPN traffic allows attackers to intercept sensitive communications, potentially leading to unauthorized access to confidential information, including credentials and personal data.

  2. Data Modification: Once traffic is under the control of an attacker, they may modify data in transit before it reaches its intended destination, potentially leading to misinformation or further exploitation within the network.

  3. Compromised VPN Utility: The very purpose of a VPN—to secure data and provide privacy—can be undermined, leading organizations to falsely believe that their data is secure when it is actually vulnerable to local network threats.

Affected Version(s)

DHCP 0

News Articles

favicon imageOpenWrt Forum

Possible vulnerability: TunnelVision (CVE-2024-3661) - For Developers - OpenWrt Forum

Hi! Found following article: And this video: Can anyone official from OpenWRT check this an patch if it is present?

favicon imageThe Hacker News

New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have uncovered a vulnerability (CVE-2024-3661) that allows threat actors to snoop on your VPN traffic.

favicon imageHelp Net Security

Attackers may be using TunnelVision to snoop on users' VPN traffic (CVE-2024-3661) - Help Net Security

A new attack method dubbed TunnelVision (CVE-2024-3661) can be used to intercept and snoop on VPN users' traffic.

References

https://datatracker.ietf.org/doc/html/rfc2131#section-7
https://datatracker.ietf.org/doc/html/rfc3442#section-7
https://tunnelvisionbug.com/

CVSS V3.1

Score:
7.6
Severity:
HIGH
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🥇

    Vulnerability reached the number 1 worldwide trending spot

  • 📈

    Vulnerability started trending

  • 👾

    Exploit known to exist

  • 📰

    First article discovered by Leviathan Security Group

  • Vulnerability published

  • Vulnerability Reserved

.