ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Expressvpn
Expressvpn expressvpn |
|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:expressvpn:expressvpn:*:*:*:*:*:windows:*:* | |
Vendors & Products |
Expressvpn
Expressvpn expressvpn |
|
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-11T00:00:00
Updated: 2024-08-01T23:52:06.236Z
Reserved: 2024-02-11T00:00:00
Link: CVE-2024-25728
Vulnrichment
Updated: 2024-08-01T23:52:06.236Z
NVD
Status : Analyzed
Published: 2024-02-11T22:15:08.360
Modified: 2024-09-05T13:54:43.833
Link: CVE-2024-25728
Redhat
No data.