CVE-2023-36671 — Cleartext Transmission of Sensitive Info in VPN

CWE-319 — Cleartext Transmission of Sensitive Info CWE-829 — Inclusion of Functionality from Untrusted Control Sphere5 documents5 sources

Severity

6.3MEDIUMNVD

EPSS

0.0%

top 90.40%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clario VPN Paloalto Globalprotect Paloalto Pan-os +1 more

Timeline

PublishedAug 9

Latest updateAug 17

Description

An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. This allows an adversary to trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID…

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 1.0 | Impact: 5.2

Affected Packages4 packages

▶NVDclario/vpn5.9.1.1662

▶Palo Altopaloalto/pan-os

▶Palo Altopaloalto/globalprotect

▶Palo Altopaloalto/prisma_access

🔴Vulnerability Details

GHSA

GHSA-cpmg-8xfp-5wj8: An issue was discovered in the Clario VPN client through 5↗2023-08-10

▶

CVEList

CVE-2023-36671: An issue was discovered in the Clario VPN client through 5↗2023-08-09

▶

OSV

CVE-2023-36671: An issue was discovered in the Clario VPN client through 5↗2023-08-09

▶

📋Vendor Advisories

Palo Alto

PAN-SA-2023-0004 Informational Bulletin: Impact of TunnelCrack Vulnerabilities (CVE-2023-36671, CVE-2023-36672, CVE-2023-35838, and CVE-2023-36673)↗2023-08-17

▶