PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
History

Wed, 11 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:purevpn:purevpn:2.0.2:*:*:*:*:linux:*:*
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}


Mon, 26 Aug 2024 17:30:00 +0000

Type Values Removed Values Added
First Time appeared Purevpn
Purevpn purevpn
CPEs cpe:2.3:a:purevpn:purevpn:*:*:*:*:*:macos:*:*
Vendors & Products Purevpn
Purevpn purevpn
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Sun, 25 Aug 2024 16:45:00 +0000

Type Values Removed Values Added
Description PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-08-25T00:00:00

Updated: 2024-08-26T16:52:52.092Z

Reserved: 2023-11-20T00:00:00

Link: CVE-2023-48957

cve-icon Vulnrichment

Updated: 2024-08-26T16:52:40.955Z

cve-icon NVD

Status : Analyzed

Published: 2024-08-25T17:15:03.553

Modified: 2024-09-11T18:07:49.180

Link: CVE-2023-48957

cve-icon Redhat

No data.