all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

TunnelVision - CVE-2024-3661

Add to bookmarks
June 11, 2024, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

Fortinet is aware of the recent publication of the TunnelVision vulnerability (CVE-2024-3661).The research [1] identified a technique to bypass the use of protected VPN tunnels when clients connect via untrusted network, such as rogue Wi-Fi network. This attack may allow an attacker controlled DHCP server on the same network as the targeted user to reroute VPN traffic by setting more specific routes than VPN's on target’s routing table. Note that this technique does not allow decrypting HTTPS traffic but rather …

attack attacker aware bypass clients connect cve cve-2024 dhcp fortinet may network research rogue server traffic tunnels tunnelvision untrusted vpn vulnerability wi-fi

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS/FortiProxy - XSS in reboot page 2 weeks, 1 day ago | fortiguard.fortinet.com
access admin attacker code +18
Stack buffer overflow on bluetooth write feature 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code arbitrary code execution attacker bluetooth +14
Blind SQL Injection 2 weeks, 1 day ago | fortiguard.fortinet.com
blind command cwe download +8
Buffer overflow in fgfmd 2 weeks, 1 day ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +15
FortiSOAR is vulnerable to sql injection in Event Auth API via uuid parameter 2 weeks, 1 day ago | fortiguard.fortinet.com
api attacker auth code +14
Multiple buffer overflows in diag npu command 2 weeks, 1 day ago | fortiguard.fortinet.com
attacker buffer buffer overflow buffer overflows +14
TunnelVision - CVE-2024-3661 2 weeks, 1 day ago | fortiguard.fortinet.com
attack attacker aware bypass +18
Weak key derivation for backup file 2 weeks, 1 day ago | fortiguard.fortinet.com
access admin attacker backup +14
Buffer overflow in administrative interface 1 month, 1 week ago | fortiguard.fortinet.com
arbitrary code attacker buffer buffer overflow +13

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California
View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA
View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts
View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel
View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN
View on infosec-jobs.com