5.7 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%
The WireGuard client 0.5.3 on Windows insecurely configures the operating
system and firewall such that traffic to a local network that uses
non-RFC1918 IP addresses is blocked. This allows an adversary to trick the
victim into blocking IP traffic to selected IP addresses and services even
while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website
uses this CVE ID to refer more generally to “LocalNet attack resulting in
the blocking of traffic” rather than to only WireGuard.
Author | Note |
---|---|
mdeslaur | other VPN software may also be affected. See whitepaper for the complete list. |
evancaville | as of 2024-02-05, there doesn’t appear to be an upstream fix available for network-manager-openvpn, openvpn packages. as of 2024-02-29, there doesn’t appear to be an upstream fix available for network-manager-pptp, pptp-linux. wireguard itself is not vulnerable, however the wg-quick tool includes local network access. See the wg-quick manpage and documentation on methods to disable this. |
mdeslaur | as of 2024-04-15, this CVE appears to be specific to the WireGuard client on Windows, marking all Ubuntu packages as not-affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openconnect | < any | UNKNOWN |
ubuntu | 16.04 | noarch | openconnect | < any | UNKNOWN |
ubuntu | 22.04 | noarch | softether-vpn | < any | UNKNOWN |
ubuntu | 23.10 | noarch | softether-vpn | < any | UNKNOWN |
ubuntu | 24.04 | noarch | softether-vpn | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-35838
nvd.nist.gov/vuln/detail/CVE-2023-35838
openvpn.net/security-advisory/statement-regarding-tunnelcrack-vulnerabilities/
papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf
security-tracker.debian.org/tracker/CVE-2023-35838
tunnelcrack.mathyvanhoef.com/details.html
www.cve.org/CVERecord?id=CVE-2023-35838
www.softether.org/9-about/News/905-TunnelCrack
5.7 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
10.5%