Advisory: TunnelVision Vulnerability in VPN Clients

Retour à la liste des avis de sécurité
Informational
CVE
CVE-2024-3661
Updated:
Produit(s)
Sophos Connect Client 2.0
ID de la publication sophos-sa-20240610-tunnelvision
Version de l’article 1
Première publication
Solution Yes

Overview

On May 6, 2024, Leviathan Security Group published an article about decloaking VPN traffic using DHCP option 121 (classless route option), dubbed “TunnelVision”. The issue was assigned CVE-2024-3661 with a CVSS v3.1 score of 7.6.

The issue allows an adversarial DHCP server on the local network to route user traffic via the physical network interface to a gateway of the attacker’s choice instead of an established VPN tunnel.

Encrypted traffic, such as HTTPS, remains secure and cannot be decrypted, even if an adversary manipulates the routing.

Mitigations

An update of Sophos Connect Client is not required as the risk of exploitation is very low and easily mitigated by ensuring TLS is used on all services reachable via VPN.

Related information

Sophos Responsible Disclosure Policy

To learn about Sophos security vulnerability disclosure policies and publications, see the Responsible Disclosure Policy.