Aug 09, 2023 - 12:00 a.m.

CVE-2023-36673

ubuntu.com
cve-2023-36673
vpn client
plaintext traffic
dns spoofing
security vulnerability
macos

CVSS3: 7.3 High

Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

EPSS: 0.001 Low
Percentile: 21.5%

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The
VPN client insecurely configures the operating system such that all IP
traffic to the VPN server’s IP address is sent in plaintext outside the VPN
tunnel, even if this traffic is not generated by the VPN client, while
simultaneously using plaintext DNS to look up the VPN server’s IP address.
This allows an adversary to trick the victim into sending traffic to
arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the
tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more
generally to “ServerIP attack, combined with DNS spoofing, that can leak
traffic to an arbitrary IP address” rather than to only Avira Phantom VPN.

Notes

mdeslaur: other VPN software may also be affected. See whitepaper for the complete list.

evancaville: as of 2024-02-05, there doesn’t appear to be an upstream fix available for network-manager-openvpn, openvpn packages. as of 2024-02-29, there doesn’t appear to be an upstream fix available for network-manager-pptp, pptp-linux.

mdeslaur: as of 2024-04-15, this CVE appears to be specific to the Avira Phantom VPN, marking all Ubuntu packages as not-affected
