SB20240611271 - MitM attack in Fortinet FortiClient
Published: June 11, 2024 Updated: April 2, 2025
Security Bulletin ID
SB20240611271
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Adjacent network
Highest impact
Data manipulation
Description
This security bulletin contains information about 1 security vulnerability.
1) Man-in-the-Middle (MitM) attack (CVE-ID: CVE-2024-3661)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to the way the VPN client handles routes advertised by the DHCP server. A remote attacker with access to the local network can route the victim's traffic to a malicious server instead of sending it via a secured channel.
This vulnerability was dubbed "TunnelVision".
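A defender-side check for the route handling described above, as an added example that is not part of the original bulletin or of Fortinet's code: it decodes a DHCP classless static route option payload (option 121, RFC 3442) and flags routes more specific than the prefixes the VPN is meant to carry. The function names, the full-tunnel `0.0.0.0/0` default and the sample payload are assumptions constructed for illustration.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode an RFC 3442 classless static route payload into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        plen = data[i]
        if plen > 32:
            raise ValueError(f"invalid prefix length {plen} at offset {i}")
        n = (plen + 7) // 8  # only the significant destination octets are encoded
        end = i + 1 + n + 4  # width byte + destination octets + 4-byte router
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = int.from_bytes(data[i + 1:i + 1 + n] + bytes(4 - n), "big")
        net = ipaddress.IPv4Network((dest, plen), strict=False)
        routes.append((net, ipaddress.IPv4Address(data[i + 1 + n:end])))
        i = end
    return routes

def routes_overriding_vpn(option_data: bytes, vpn_prefixes=("0.0.0.0/0",)):
    """Return DHCP-pushed routes that longest-prefix matching prefers over a VPN prefix."""
    vpn = [ipaddress.IPv4Network(p) for p in vpn_prefixes]
    flagged = []
    for net, router in parse_option_121(option_data):
        if any(net.subnet_of(v) and net.prefixlen > v.prefixlen for v in vpn):
            flagged.append((str(net), str(router)))
    return flagged

# Constructed sample payload (documentation address ranges, not captured traffic):
#   0.0.0.0/0 via 192.0.2.1 (ordinary default route)
#   198.51.100.0/24 via 192.0.2.254 (more specific than a full-tunnel VPN route)
SAMPLE = bytes.fromhex("00c0000201" "18c63364c00002fe")

if __name__ == "__main__":
    for net, router in routes_overriding_vpn(SAMPLE):
        print(f"DHCP route {net} via {router} would bypass the VPN route")
```

Pass the VPN's actual routed prefixes as `vpn_prefixes` when the client runs in split-tunnel mode.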
Remediation
Install the update from the vendor's website.
References
- https://datatracker.ietf.org/doc/html/rfc2131#section-7
- https://datatracker.ietf.org/doc/html/rfc3442#section-7
- https://tunnelvisionbug.com/
- https://www.leviathansecurity.com/research/tunnelvision
- https://news.ycombinator.com/item?id=40279632
- https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/
- https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/
- https://issuetracker.google.com/issues/263721377
- https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision
- https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability
- https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic
- https://news.ycombinator.com/item?id=40284111
- https://www.agwa.name/blog/post/hardening_openvpn_for_def_con
- https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/
- https://www.fortiguard.com/psirt/FG-IR-24-170