New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation

Researchers have detailed a Virtual Private Network VPN bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 CVSS score: 7.6. It impac...

TunnelCrack Vulnerabilities

SonicWall PSIRT is aware of a research publication that outlines a series of attacks known as 'TunnelCrack' vulnerabilities. These attacks occur when VPN client traffic leaks outside of the secure VPN tunnel, typically happening when clients connect to untrusted networks, like rogue Wi-Fi access...

CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-43125 BIG-IP APM Clients TunnelCrack vulnerability

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-43124 BIG-IP APM Clients TunnelCrack vulnerability

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

CVE-2023-43124 BIG-IP APM Clients TunnelCrack vulnerability

BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

K000136907: BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43124

Security Advisory Description BIG-IP APM clients may send IP traffic outside of the VPN tunnel. CVE-2023-43124 Impact If a client machine connects to a malicious adjacent network device, such as a router or Wi-Fi hotspot, an attacker may be able to trick the client into sending IP traffic outside...

K000136909: BIG-IP APM Clients TunnelCrack vulnerability CVE-2023-43125

Security Advisory Description BIG-IP APM clients may send IP traffic outside of the VPN tunnel. CVE-2023-43125 Impact If a client machine connects to a malicious DNS device, an attacker may be able to trick the client into sending IP traffic outside of the VPN tunnel. Any clear text traffic leake...

F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136907)

The version of F5 Networks BIG-IP installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the K000136907 advisory. - BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of...

F5 Networks BIG-IP : BIG-IP APM Clients TunnelCrack vulnerability (K000136909)

The version of F5 Networks BIG-IP installed on the remote host is prior to 15.1.10.3 / 16.1.4.2 / 17.1.1.1. It is, therefore, affected by a vulnerability as referenced in the K000136909 advisory. BIG-IP APM clients may send IP traffic outside of the VPN tunnel.CVE-2023-43125 Tenable has extracted...

PT-2023-5617 · F5 · Big-Ip Apm

Name of the Vulnerable Software and Affected Versions: BIG-IP APM clients affected versions not specified Description: The issue is related to BIG-IP Access Policy Manager Clients APM Clients sending IP traffic outside of the VPN tunnel. This can be exploited by a remote attacker to implement a...

Attacks, Vulnerabilities and Actors 14 August to 20 August 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, one instance of adversary activity, and four zero-day...