13 matches found
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
Researchers have detailed a Virtual Private Network VPN bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 CVSS score: 7.6. It impac...
TunnelCrack Vulnerabilities
SonicWall PSIRT is aware of a research publication that outlines a series of attacks known as 'TunnelCrack' vulnerabilities. These attacks occur when VPN client traffic leaks outside of the secure VPN tunnel, typically happening when clients connect to untrusted networks, like rogue Wi-Fi access...
The vulnerability of the network software product BIG-IP Access Policy Manager Clients (APM Clients), a control device for access control and remote authentication, stems from the transmission of data in an open manner. This vulnerability allows attackers to execute attacks like TunnelCrack.
The vulnerability of the network software product BIG-IP Access Policy Manager Clients APM Clients is related to the transmission of data in an open manner. Exploiting this vulnerability allows a malicious actor to execute the TunnelCrack attack by redirecting traffic...
CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-43124 BIG-IP APM Clients TunnelCrack vulnerability
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
CVE-2023-43124 BIG-IP APM Clients TunnelCrack vulnerability
BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...
K000136907: BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43124
Security Advisory Description BIG-IP APM clients may send IP traffic outside of the VPN tunnel. CVE-2023-43124 Impact If a client machine connects to a malicious adjacent network device, such as a router or Wi-Fi hotspot, an attacker may be able to trick the client into sending IP traffic outside...
K000136909: BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43125
Security Advisory Description BIG-IP APM clients may send IP traffic outside of the VPN tunnel. CVE-2023-43125 Impact If a client machine connects to a malicious DNS device, an attacker may be able to trick the client into sending IP traffic outside of the VPN tunnel. Any clear text traffic leake...
F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136907)
The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000136907 advisory. - BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of...
F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136909)
The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K000136909 advisory. BIG-IP APM clients may send IP traffic outside of the VPN tunnel.CVE-2023-43125 Tenable has extracted...
PT-2023-5617 · F5 · Big-Ip Apm
Name of the Vulnerable Software and Affected Versions: BIG-IP APM clients affected versions not specified Description: The issue is related to BIG-IP Access Policy Manager Clients APM Clients sending IP traffic outside of the VPN tunnel. This can be exploited by a remote attacker to implement a...
Attacks, Vulnerabilities and Actors 14 August to 20 August 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, one instance of adversary activity, and four zero-day...