Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2023-36672
HistoryAug 09, 2023 - 11:15 p.m.

Code injection

2023-08-0923:15:00
PRIOn knowledge base
www.prio-n.com
10
clario vpn
plaintext traffic leakage
local network
ip subnet
adversary
cve id
tunnelcrack.mathyvanhoef.com

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to “LocalNet attack resulting in leakage of traffic in plaintext” rather than to only Clario.

CPENameOperatorVersion
vpnle5.9.1.1662

Related

cve 1
ubuntucve 1
cvelist 1
nvd 1
cisco 1
cve
cve
CVE-2023-36672
2023-08-09 23:15:10
ubuntucve
ubuntucve
CVE-2023-36672
2023-08-09 00:00:00
cvelist
cvelist
CVE-2023-36672
2023-08-09 00:00:00
nvd
nvd
CVE-2023-36672
2023-08-09 23:15:10
cisco
cisco
Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client
2023-08-08 15:00:00

5.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

20.7%

JSON
Related for PRION:CVE-2023-36672
cve1ubuntucve1cvelist1nvd1cisco1