CVE-2024-3661

Disclosure Date: May 06, 2024

Description

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

CVSS V3 Severity and Metrics
Base Score: 7.6 High
Impact Score: 4.7
Exploitability Score: 2.8
Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Attack Vector (AV): Adjacent_network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope (S): Unchanged
Confidentiality (C): High
Integrity (I): Low
Availability (A): Low

General Information

Vendors

  • cisco
  • citrix
  • f5
  • fortinet
  • paloaltonetworks
  • watchguard
  • zscaler

Products

  • anyconnect vpn client -
  • big-ip access policy manager
  • client connector
  • client connector -
  • forticlient
  • forticlient 7.4.0
  • globalprotect
  • ipsec mobile vpn client
  • mobile vpn with ssl
  • secure access client
  • secure client -
