CVE-2024-3661

Public on 2024-05-06
Modified on 2024-10-24
Description
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.0
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 libreswan No Fix Planned
Amazon Linux 2 - Core libreswan Pending Fix
Amazon Linux 2023 libreswan Pending Fix
Amazon Linux 1 openswan No Fix Planned
Amazon Linux 1 openvpn No Fix Planned
Amazon Linux 2023 openvpn Pending Fix
Amazon Linux 1 pptp No Fix Planned
Amazon Linux 2 - Core pptp Pending Fix
Amazon Linux 1 vpnc No Fix Planned

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 5.0 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
NVD CVSSv3 7.6 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L