CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3661 – DHCP routing options can manipulate interface-based VPN traffic
https://notcve.org/view.php?id=CVE-2024-3661
DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Por diseño, el protocolo DHCP no autentica mensajes, incluida, por ejemplo, la opción de ruta estática sin clases (121). Un atacante con la capacidad de enviar mensajes DHCP puede manipular rutas para redirigir el tráfico VPN, lo que le permite leer, interrumpir o posiblemente modificar el tráfico de red que se esperaba que estuviera protegido por la VPN. • https://github.com/a1xbit/DecloakingVPN https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose https://bst.cisco.com/quickview/bug/CSCwk05814 https://datatracker.ietf.org/doc/html/rfc2131#section-7 https://datatracker.ietf.org/doc/html/rfc3442#section-7 https://fortiguard.fortinet.com/psirt/FG-IR-24-170 https://issuetracker.google.com/issues/263721377 https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-c • CWE-306: Missing Authentication for Critical Function CWE-501: Trust Boundary Violation •
CVSS: 7.5EPSS: 81%CPEs: 444EXPL: 7CVE-2023-44487 – HTTP/2 Rapid Reset Attack Vulnerability
https://notcve.org/view.php?id=CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. El protocolo HTTP/2 permite una denegación de servicio (consumo de recursos del servidor) porque la cancelación de solicitudes puede restablecer muchas transmisiones rápidamente, como se explotó en la naturaleza entre agosto y octubre de 2023. A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. • https://github.com/imabee101/CVE-2023-44487 https://github.com/studiogangster/CVE-2023-44487 https://github.com/bcdannyboy/CVE-2023-44487 https://github.com/sigridou/CVE-2023-44487- https://github.com/ByteHackr/CVE-2023-44487 https://github.com/ReToCode/golang-CVE-2023-44487 http://www.openwall.com/lists/oss-security/2023/10/13/4 http://www.openwall.com/lists/oss-security/2023/10/13/9 http://www.openwall.com/lists/oss-security/2023/10/18/4 http://www. • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27862 – L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation
https://notcve.org/view.php?id=CVE-2021-27862
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando encabezados LLC/SNAP con una longitud no válida y la conversión de tramas de Ethernet a Wifi (y, opcionalmente, encabezados VLAN0) • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.2/1048 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27861 – L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths
https://notcve.org/view.php?id=CVE-2021-27861
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers) Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando encabezados LLC/SNAP con una longitud no válida (y, opcionalmente, encabezados VLAN0) • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-290: Authentication Bypass by Spoofing •
CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0CVE-2021-27854 – L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation
https://notcve.org/view.php?id=CVE-2021-27854
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando combinaciones de encabezados VLAN 0, encabezados LLC/SNAP y convirtiendo tramas de Ethernet a Wifi y su inversa • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 • CWE-290: Authentication Bypass by Spoofing •