DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Metrics
Affected Vendors & Products
| Vendors | Products |
|---|---|
| Apple |
|
| Cisco |
|
| Citrix |
|
| F5 |
|
| Fortinet |
|
| Linux |
|
| Paloaltonetworks |
|
| Redhat |
|
| Watchguard |
|
| Zscaler |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
Configuration 4 [-]
| AND |
|
Configuration 5 [-]
| AND |
|
Configuration 6 [-]
|
Configuration 7 [-]
|
Configuration 8 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Enterprise Linux 8 | |||
| NetworkManager-1:1.40.16-18.el8_10 | cpe:/a:redhat:enterprise_linux:8 | RHSA-2025:0288 | 2025-01-13T00:00:00Z |
| NetworkManager-1:1.40.16-18.el8_10 | cpe:/o:redhat:enterprise_linux:8 | RHSA-2025:0288 | 2025-01-13T00:00:00Z |
| Red Hat Enterprise Linux 9 | |||
| NetworkManager-1:1.48.10-5.el9_5 | cpe:/a:redhat:enterprise_linux:9 | RHSA-2025:0377 | 2025-01-16T00:00:00Z |
| NetworkManager-1:1.48.10-5.el9_5 | cpe:/o:redhat:enterprise_linux:9 | RHSA-2025:0377 | 2025-01-16T00:00:00Z |
No data.
References
History
Wed, 16 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Fri, 11 Jul 2025 13:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
epss
|
epss
|
Thu, 13 Feb 2025 01:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat
Redhat enterprise Linux |
|
| CPEs | cpe:/a:redhat:enterprise_linux:8 cpe:/a:redhat:enterprise_linux:9 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
| Vendors & Products |
Redhat
Redhat enterprise Linux |
Wed, 15 Jan 2025 17:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Apple
Apple iphone Os Apple macos Cisco Cisco anyconnect Vpn Client Cisco secure Client Citrix Citrix secure Access Client F5 F5 big-ip Access Policy Manager Fortinet Fortinet forticlient Linux Linux linux Kernel Paloaltonetworks Paloaltonetworks globalprotect Watchguard Watchguard ipsec Mobile Vpn Client Watchguard mobile Vpn With Ssl Zscaler Zscaler client Connector |
|
| CPEs | cpe:2.3:a:cisco:anyconnect_vpn_client:-:*:*:*:*:*:*:* cpe:2.3:a:cisco:secure_client:-:*:*:*:*:*:*:* cpe:2.3:a:citrix:secure_access_client:*:*:*:*:*:*:*:* cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:* cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:* cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:* cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:* cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:linux:*:* cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:macos:*:* cpe:2.3:a:fortinet:forticlient:7.4.0:*:*:*:*:windows:*:* cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:iphone_os:*:* cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:linux:*:* cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:macos:*:* cpe:2.3:a:paloaltonetworks:globalprotect:*:*:*:*:*:windows:*:* cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:macos:*:* cpe:2.3:a:watchguard:ipsec_mobile_vpn_client:*:*:*:*:*:windows:*:* cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:macos:*:* cpe:2.3:a:watchguard:mobile_vpn_with_ssl:*:*:*:*:*:windows:*:* cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:linux:*:* cpe:2.3:a:zscaler:client_connector:*:*:*:*:*:macos:*:* cpe:2.3:a:zscaler:client_connector:-:*:*:*:*:windows:*:* cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:* cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:* |
|
| Vendors & Products |
Apple
Apple iphone Os Apple macos Cisco Cisco anyconnect Vpn Client Cisco secure Client Citrix Citrix secure Access Client F5 F5 big-ip Access Policy Manager Fortinet Fortinet forticlient Linux Linux linux Kernel Paloaltonetworks Paloaltonetworks globalprotect Watchguard Watchguard ipsec Mobile Vpn Client Watchguard mobile Vpn With Ssl Zscaler Zscaler client Connector |
Thu, 07 Nov 2024 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
threat_severity
|
threat_severity
|
Tue, 22 Oct 2024 02:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| References |
| |
| Metrics |
threat_severity
|
threat_severity
|
MITRE
Status: PUBLISHED
Assigner: cisa-cg
Published:
Updated: 2024-08-28T19:09:06.995Z
Reserved: 2024-04-11T17:24:22.637Z
Link: CVE-2024-3661
Vulnrichment
Updated: 2024-08-01T20:20:00.420Z
NVD
Status : Analyzed
Published: 2024-05-06T19:15:11.027
Modified: 2025-01-15T16:50:28.667
Link: CVE-2024-3661
Redhat
OpenCVE Enrichment
No data.