Security News > 2024 > May > New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
2024-05-09 17:55
Researchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim's network traffic by just being on the same local network. The "decloaking" method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has
News URL
https://thehackernews.com/2024/05/new-tunnelvision-attack-allows.html
Related news
- PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack (source)
- IPany VPN breached in supply-chain attack to push custom malware (source)
- Massive brute force attack uses 2.8 million IPs to target VPN devices (source)
- SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-06 | CVE-2024-3661 | Missing Authentication for Critical Function vulnerability in multiple products DHCP can add routes to a client’s routing table via the classless static route option (121). | 7.6 |