5.7 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.7%
An issue was discovered in the Clario VPN client through 5.9.1.1662 for
macOS. The VPN client insecurely configures the operating system such that
traffic to the local network is sent in plaintext outside the VPN tunnel
even if the local network is using a non-RFC1918 IP subnet. This allows an
adversary to trick the victim into sending arbitrary IP traffic in
plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com
website uses this CVE ID to refer more generally to “LocalNet attack
resulting in leakage of traffic in plaintext” rather than to only Clario.
Author | Note |
---|---|
mdeslaur | other VPN software may also be affected. See whitepaper for the complete list. |
evancaville | as of 2024-02-05, there doesn’t appear to be an upstream fix available for network-manager-openvpn, openvpn packages. as of 2024-02-29, there doesn’t appear to be an upstream fix available for network-manager-pptp, pptp-linux. wireguard itself is not vulnerable, however the wg-quick tool includes local network access. See the wg-quick manpage and documentation on methods to disable this. |
mdeslaur | as of 2024-04-15, this CVE appears to be specific to the Clario VPN client, marking all Ubuntu packages as not-affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | openconnect | < any | UNKNOWN |
ubuntu | 16.04 | noarch | openconnect | < any | UNKNOWN |
ubuntu | 22.04 | noarch | softether-vpn | < any | UNKNOWN |
ubuntu | 23.10 | noarch | softether-vpn | < any | UNKNOWN |
ubuntu | 24.04 | noarch | softether-vpn | < any | UNKNOWN |
launchpad.net/bugs/cve/CVE-2023-36672
nvd.nist.gov/vuln/detail/CVE-2023-36672
openvpn.net/security-advisory/statement-regarding-tunnelcrack-vulnerabilities/
papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf
security-tracker.debian.org/tracker/CVE-2023-36672
tunnelcrack.mathyvanhoef.com/details.html
www.cve.org/CVERecord?id=CVE-2023-36672
www.softether.org/9-about/News/905-TunnelCrack
5.7 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
20.7%