all InfoSec news
CVE-2024-3661, a.k.a. TunnelVision, Exposes a VPN Bypass Vulnerability
Malware Analysis, News and Indicators - Latest topics malware.news
IntroductionOn May 6, 2024, a researcher from Leviathan Security Group identified a new technique, termed as “TunnelVision”, that can bypass VPN encapsulation and enable attackers to send the traffic outside a VPN tunnel using the built-in features of Dynamic Host Configuration Protocol (DHCP). TunnelVision involves the routing of traffic without encryption through a VPN. This traffic can be directed by the attacker’s configured DHCP server using option 121, ultimately being redirected to the internet via a side channel created by …
attackers bypass bypass vulnerability can configuration cve cve-2024 dhcp dynamic enable encryption features host leviathan security may protocol researcher routing security send traffic tunnel vpn vulnerability