Zurück zur Übersicht der Sicherheitshinweise
Informational
CVE(s)
CVE-2024-3661
Updated:
Produkt(e)
Sophos Connect Client 2.0
Veröffentlichungs-ID
sophos-sa-20240610-tunnelvision
Artikelversion
1
Erstveröffentlichung
Provisorische Lösung
Yes
Overview
On May 6, 2024, Leviathan Security Group published an article about decloaking VPN traffic using DHCP option 121 (classless route option), dubbed “TunnelVision”. The issue was assigned CVE-2024-3661 with a CVSS v3.1 score of 7.6.
The issue allows an adversarial DHCP server on the local network to route user traffic via the physical network interface to a gateway of the attacker’s choice instead of an established VPN tunnel.
Encrypted traffic, such as HTTPS, remains secure and cannot be decrypted, even if an adversary manipulates the routing.
Mitigations
An update of Sophos Connect Client is not required as the risk of exploitation is very low and easily mitigated by ensuring TLS is used on all services reachable via VPN.