New TunnelVision technique can bypass the VPN encapsulation
Security Affairs
MAY 8, 2024
TunnelVision exploits the vulnerability CVE-2024-3661, which is a DHCP design flaw where messages such as the classless static route (option 121) are not authenticated and for this reason can be manipulated by the attackers. The researchers speculate that the vulnerability existed in DHCP since 2002, when option 121 was implemented.
Let's personalize your content