CVE-2024-3661 Vulnerability Exploited in TunnelVision Attack

Researchers have described a technique called TunnelVision, which allows threat actors to monitor network traffic of victims by leveraging the same local network. This bypass method, referred to as "decloaking," has been given the identifier CVE-2024-3661 and impacts operating systems that utilize a DHCP client and support DHCP option 121 routes.

Fundamentally, TunnelVision involves directing unencrypted traffic through a VPN by using an attacker-manipulated DHCP server to configure a route on the VPN user's routing table using DHCP option 121. This method exploits the DHCP protocol's lack of authentication for these option messages.

DHCP, a client/server protocol, assigns IP addresses and configuration details like subnet masks and gateways to devices joining a network. It manages IP address leasing, reclaiming unused addresses for reallocation.

TunnelVision Allows for DHCP Tampering

The vulnerability allows attackers to manipulate routes via DHCP messages, redirecting VPN traffic to potentially read, disrupt, or alter network data that should be protected by the VPN. This approach is independent of specific VPN technologies or providers.

The TunnelVision attack deceives VPN users into believing their connections are secure and encrypted, while traffic is redirected to the attacker's server for potential inspection. Successful exploitation requires the victim's DHCP client to implement DHCP option 121 and accept a lease from the attacker's server.

This attack resembles TunnelCrack, which leaks traffic from a VPN tunnel when connected to untrusted networks, facilitating adversary-in-the-middle (AitM) attacks. Notably, major operating systems like Windows, Linux, macOS, and iOS are affected, excluding Android due to lack of support for DHCP option 121. VPN tools relying solely on routing rules are also vulnerable.

Security researchers describe TunnelVision as a DHCP starvation attack creating a side-channel to bypass VPN encapsulation and reroute traffic outside the VPN tunnel.

By Zaib
May 10, 2024
Computer Security
English
May 10, 2024
Computer Security

Popular Posts

As Fears of the Coronavirus Pandemic Spread, So Does...

4 years ago

Error: Ox800VDS Pop-up Scam

2 months ago

Softcnapp Potentially Unwanted Application

3 months ago

Bgzq Ransomware is Based on Djvu

18 days ago

Remor.xyz Browser Hijacker

1 month ago

Bgjs Ransomware Encrypts Victim Data

18 days ago

Related Posts

Computer Security

CVE-2024-23204 Apple's Shortcuts Vulnerability

Information has surfaced regarding a previously patched security vulnerability of high severity in Apple's Shortcuts app, which could enable a shortcut to access sensitive device data without user consent. The... Read more

February 29, 2024
Computer Security

CVE-2024-1071 WordPress Plugin Vulnerability

A significant security vulnerability has been revealed in Ultimate Member, a widely used WordPress plugin boasting over 200,000 active installations. Identified as CVE-2024-1071, this flaw has earned a high CVSS score... Read more

February 29, 2024
Computer Security

CVE-2024-3400 Vulnerability Hinges on Command Injection Flaw

Cyber attackers have been taking advantage of a recently revealed vulnerability in Palo Alto Networks PAN-OS software since March 26, 2024, almost three weeks before it was publicly disclosed. This activity,... Read more

April 15, 2024
English
Loading...

Cyclonis Backup Details & Terms

The Free Basic Cyclonis Backup plan gives you 2 GB of cloud storage space with full functionality! No credit card required. Need more storage space? Purchase a larger Cyclonis Backup plan today! To learn more about our policies and pricing, see Terms of Service, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Cyclonis Password Manager Details & Terms

FREE Trial: 30-Day One-Time Offer! No credit card required for Free Trial. Full functionality for the length of the Free Trial. (Full functionality after Free Trial requires subscription purchase.) To learn more about our policies and pricing, see EULA, Privacy Policy, Discount Terms and Purchase Page. If you wish to uninstall the app, please visit the Uninstallation Instructions page.

Home

Products

Cyclonis Backup Cyclonis Password Manager Cyclonis World Time

Support

Help Files FAQs Downloads Inquiries & Support

Company

About Us Contact Us Report Abuse

Legal (Post Merger)

EnigmaSoft Limited (fka Cyclonis Limited)

Cyclonis Backup's Terms of Service Cyclonis Password Manager's EULA Cyclonis World Time's Terms of Service Privacy Policy Cookie Policy Special Discount Offer Terms Additional Terms & Conditions SpyHunter EULA RegHunter EULA EnigmaSoft Privacy Policy & Cookie Policy ESG Privacy Policy & Cookie Policy EnigmaSoft Discount Offer Terms ESG Discount Offer Terms

© 2017-2024 Cyclonis Ltd. CYCLONIS is a trademark of EnigmaSoft Limited (Cyclonis was merged into EnigmaSoft Limited effective November 25, 2023.) All rights reserved.

Registered Office EnigmaSoft Limited: 1 Castle Street, 3rd Floor, Dublin 2 D02 XD82, Ireland.
EnigmaSoft Limited, Private Company Limited by shares, Company Registration Number 597114.

Windows is a trademark of Microsoft, registered in the U.S. and other countries.
Mac, iPhone, iPad and App Store are trademarks of Apple Inc., registered in the U.S. and other countries.
iOS is a registered trademark of Cisco Systems, Inc. and/or its affiliates in the United States and certain other countries.
Android and Google Play are trademarks of Google LLC.