2320141 – (CVE-2024-3661) CVE-2024-3661 DHCP: DHCP routing options can manipulate interface-based VPN traffic

Bug 2320141 (CVE-2024-3661) - CVE-2024-3661 DHCP: DHCP routing options can manipulate interface-based VPN traffic

Summary: CVE-2024-3661 DHCP: DHCP routing options can manipulate interface-based VPN t...

Keywords:
Status:	NEW
Alias:	CVE-2024-3661
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2321496 2321497 2338601 2338602 2320864 2320865
Blocks:
TreeView+	depends on / blocked

Reported:	2024-10-21 09:54 UTC by OSIDB Bzimport
Modified:	2025-01-17 12:35 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2024-10-21 09:54:47 UTC

DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.

Note You need to log in before you can comment on or make changes to this bug.