Lucene search

Ubuntu.comUB:CVE-2023-35838

HistoryAug 09, 2023 - 12:00 a.m.

CVE-2023-35838

2023-08-0900:00:00

ubuntu.com

wireguard

windows

insecure configuration

ip traffic

adversary

local network

rfc1918

vpn

network-manager

openvpn

pptp

vulnerable

wg-quick tool

ubuntu

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

The WireGuard client 0.5.3 on Windows insecurely configures the operating
system and firewall such that traffic to a local network that uses
non-RFC1918 IP addresses is blocked. This allows an adversary to trick the
victim into blocking IP traffic to selected IP addresses and services even
while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website
uses this CVE ID to refer more generally to “LocalNet attack resulting in
the blocking of traffic” rather than to only WireGuard.

Notes

Author	Note
mdeslaur	other VPN software may also be affected. See whitepaper for the complete list.
evancaville	as of 2024-02-05, there doesn’t appear to be an upstream fix available for network-manager-openvpn, openvpn packages. as of 2024-02-29, there doesn’t appear to be an upstream fix available for network-manager-pptp, pptp-linux. wireguard itself is not vulnerable, however the wg-quick tool includes local network access. See the wg-quick manpage and documentation on methods to disable this.
mdeslaur	as of 2024-04-15, this CVE appears to be specific to the WireGuard client on Windows, marking all Ubuntu packages as not-affected

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchopenconnect< anyUNKNOWN
ubuntu16.04noarchopenconnect< anyUNKNOWN
ubuntu22.04noarchsoftether-vpn< anyUNKNOWN
ubuntu23.10noarchsoftether-vpn< anyUNKNOWN
ubuntu24.04noarchsoftether-vpn< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	openconnect	< any	UNKNOWN
ubuntu	16.04	noarch	openconnect	< any	UNKNOWN
ubuntu	22.04	noarch	softether-vpn	< any	UNKNOWN
ubuntu	23.10	noarch	softether-vpn	< any	UNKNOWN
ubuntu	24.04	noarch	softether-vpn	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2023-35838

nvd.nist.gov/vuln/detail/CVE-2023-35838

openvpn.net/security-advisory/statement-regarding-tunnelcrack-vulnerabilities/

papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

security-tracker.debian.org/tracker/CVE-2023-35838

tunnelcrack.mathyvanhoef.com/details.html

www.cve.org/CVERecord?id=CVE-2023-35838

www.softether.org/9-about/News/905-TunnelCrack

5.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

5.6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.5%

JSON

Related for UB:CVE-2023-35838