Auth bypass in Ietf Dhcp
CVE-2024-3661
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the…
Vulnerability class: Broken Authentication
EPSS: 0.029 (86.6th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 7.6 (High). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L.
Affected products
- Ietf Dhcp — versions 0
Weakness classification (CWE)
Public proof-of-concept exploits
References
- datatracker.ietf.org/doc/html/rfc2131
- datatracker.ietf.org/doc/html/rfc3442
- tunnelvisionbug.com/
- www.leviathansecurity.com/research/tunnelvision
- news.ycombinator.com/item
- arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-ne…
- krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
- issuetracker.google.com/issues/263721377
- mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
- www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vp…
Frequently asked questions
- What is CVE-2024-3661?
- CVE-2024-3661 is a high-severity vulnerability in Ietf Dhcp, classified under Missing Authentication for Critical Function. CVSS score: 7.6/10. Published 2024-05-06.
- How severe is CVE-2024-3661?
- High severity. CVSS v3 base score is 7.6 out of 10.
- Is CVE-2024-3661 known to be exploited?
- 16 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.