Lucene search

CVE-2024-3661

🗓️ 06 May 2024 19:11:15Reported by cisa-cgType

cve🔗 web.nvd.nist.gov📰️ 44 Media mentions👁 217 Views

DHCP protocol vulnerability allows route manipulation and VPN traffic interceptio

Reporter	Title	Published	Views	Family All 36
OSV	CVE-2024-3661	6 May 202419:15	–	osv
OSV	RHSA-2025:0377 Red Hat Security Advisory: Security and bug fixes for NetworkManager	17 Jan 202510:02	–	osv
OSV	ALSA-2025:0377 Moderate: Security and bug fixes for NetworkManager	16 Jan 202500:00	–	osv
OSV	RLSA-2025:0377 Moderate: Security and bug fixes for NetworkManager	17 Mar 202520:16	–	osv
OSV	RHSA-2025:0288 Red Hat Security Advisory: Bug fix of NetworkManager	14 Jan 202510:10	–	osv
OSV	ALSA-2025:0288 Moderate: Bug fix of NetworkManager	13 Jan 202500:00	–	osv
Vulnrichment	CVE-2024-3661 DHCP routing options can manipulate interface-based VPN traffic	6 May 202418:31	–	vulnrichment
RedHat Linux	(RHSA-2025:0377) Moderate: Security and bug fixes for NetworkManager	16 Jan 202513:57	–	redhat
RedHat Linux	(RHSA-2025:0288) Moderate: Bug fix of NetworkManager	13 Jan 202509:59	–	redhat
RedHat Linux	(RHSA-2025:0646) Important: OpenShift Container Platform 4.15.44 security update	29 Jan 202519:02	–	redhat

Nvd

Node

fortinet forticlientRange6.4.0–7.2.5linux

fortinet forticlientRange6.4.0–7.2.5macos

fortinet forticlientRange6.4.0–7.2.5windows

fortinet forticlientMatch7.4.0linux

fortinet forticlientMatch7.4.0macos

fortinet forticlientMatch7.4.0windows

Node

cisco anyconnect_vpn_clientMatch-

cisco secure_clientMatch-

Node

paloaltonetworks globalprotectiphone_os

paloaltonetworks globalprotectlinux

paloaltonetworks globalprotectmacos

paloaltonetworks globalprotectwindows

Node

citrix secure_access_clientRange<24.06.1

AND

apple iphone_osMatch-

apple macosMatch-

Node

citrix secure_access_clientRange<24.8.5

AND

linux linux_kernelMatch-

Node

f5 big-ip_access_policy_managerRange7.2.3–7.2.5

f5 big-ip_access_policy_managerRange15.1.0–15.1.10

f5 big-ip_access_policy_managerRange16.1.0–16.1.5

f5 big-ip_access_policy_managerRange17.1.0–17.1.2

Node

watchguard ipsec_mobile_vpn_clientmacos

watchguard ipsec_mobile_vpn_clientwindows

watchguard mobile_vpn_with_sslmacos

watchguard mobile_vpn_with_sslwindows

Node

zscaler client_connectorRange<1.5.1.25linux

zscaler client_connectorRange<4.2.0.282macos

zscaler client_connectorRange3.7–3.7.0.134linux

zscaler client_connectorMatch-windows

[
  {
    "defaultStatus": "affected",
    "product": "DHCP",
    "vendor": "IETF",
    "versions": [
      {
        "status": "affected",
        "version": "0"
      }
    ]
  }
]

Source	Link
datatracker	www.datatracker.ietf.org/doc/html/rfc3442
zscaler	www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability
news	www.news.ycombinator.com/item
datatracker	www.datatracker.ietf.org/doc/html/rfc2131
my	www.my.f5.com/manage/s/article/K000139553
krebsonsecurity	www.krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
bst	www.bst.cisco.com/quickview/bug/CSCwk05814
lowendtalk	www.lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic
arstechnica	www.arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
support	www.support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

06 May 2024 19:15Current

7.3High risk

Vulners AI Score7.3

CVSS37.6

EPSS0.00114

SSVC