CVE-2023-35838 - Vulnerability Details - OpenCVE

The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.

No CVSS v4.0

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Microsoft	Windows
Wireguard	Wireguard

Configuration 1 [-]

AND

cpe:2.3:a:wireguard:wireguard:0.5.3:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015
https://tunnelcrack.mathyvanhoef.com/details.html
https://wireguard.com

History

Fri, 18 Oct 2024 19:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-09T00:00:00

Updated: 2024-10-18T19:02:08.462Z

Reserved: 2023-06-18T00:00:00

Link: CVE-2023-35838

Vulnrichment

Updated: 2024-08-02T16:30:45.371Z

NVD

Status : Modified

Published: 2023-08-09T23:15:10.007

Modified: 2024-11-21T08:08:47.637

Link: CVE-2023-35838

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-35838", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-18T19:02:08.462Z", "dateReserved": "2023-06-18T00:00:00", "datePublished": "2023-08-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-31T08:06:29.358997"}, "descriptions": [{"lang": "en", "value": "The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to \"LocalNet attack resulting in the blocking of traffic\" rather than to only WireGuard."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://wireguard.com"}, {"url": "https://tunnelcrack.mathyvanhoef.com/details.html"}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:45.371Z"}, "title": "CVE Program Container", "references": [{"url": "https://wireguard.com", "tags": ["x_transferred"]}, {"url": "https://tunnelcrack.mathyvanhoef.com/details.html", "tags": ["x_transferred"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-18T19:01:55.378972Z", "id": "CVE-2023-35838", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T19:02:08.462Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wireguard.com", "tags": ["x_transferred"]}, {"url": "https://tunnelcrack.mathyvanhoef.com/details.html", "tags": ["x_transferred"]}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T16:30:45.371Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-35838", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-10-18T19:01:55.378972Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-18T19:02:04.138Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://wireguard.com"}, {"url": "https://tunnelcrack.mathyvanhoef.com/details.html"}, {"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"}], "descriptions": [{"lang": "en", "value": "The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to \"LocalNet attack resulting in the blocking of traffic\" rather than to only WireGuard."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-31T08:06:29.358997"}}}, "cveMetadata": {"cveId": "CVE-2023-35838", "state": "PUBLISHED", "dateUpdated": "2024-10-18T19:02:08.462Z", "dateReserved": "2023-06-18T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2023-08-09T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wireguard:wireguard:0.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "20B2F68C-BAD1-4CA0-88B2-9AD317C88BC4", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to \"LocalNet attack resulting in the blocking of traffic\" rather than to only WireGuard."}], "id": "CVE-2023-35838", "lastModified": "2024-11-21T08:08:47.637", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-09T23:15:10.007", "references": [{"source": "cve@mitre.org", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://tunnelcrack.mathyvanhoef.com/details.html"}, {"source": "cve@mitre.org", "tags": ["Product"], "url": "https://wireguard.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0015"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://tunnelcrack.mathyvanhoef.com/details.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "https://wireguard.com"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-610"}], "source": "nvd@nist.gov", "type": "Primary"}]}