Upstream information
CVE-2024-3661 at MITRE
Description
DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having important severity.
CVSS v3 Scores
| | CNA (9119a7d8-5eab-497f-8521-727c672e3725) | National Vulnerability Database |
|---|
| Base Score | 7.6 | 7.6 |
| Vector | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L | CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L |
| Attack Vector | Adjacent Network | Adjacent Network |
| Attack Complexity | Low | Low |
| Privileges Required | None | None |
| User Interaction | None | None |
| Scope | Unchanged | Unchanged |
| Confidentiality Impact | High | High |
| Integrity Impact | Low | Low |
| Availability Impact | Low | Low |
| CVSSv3 Version | 3.1 | 3.1 |
SUSE Bugzilla entry:
1224052 [NEW]
SUSE Security Advisories:
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|
| SUSE Liberty Linux 8 | NetworkManager >= 1.40.16-18.el8_10NetworkManager-adsl >= 1.40.16-18.el8_10NetworkManager-bluetooth >= 1.40.16-18.el8_10NetworkManager-cloud-setup >= 1.40.16-18.el8_10NetworkManager-config-connectivity-suse >= 1.40.16-18.el8_10NetworkManager-config-server >= 1.40.16-18.el8_10NetworkManager-dispatcher-routing-rules >= 1.40.16-18.el8_10NetworkManager-initscripts-updown >= 1.40.16-18.el8_10NetworkManager-libnm >= 1.40.16-18.el8_10NetworkManager-libnm-devel >= 1.40.16-18.el8_10NetworkManager-ovs >= 1.40.16-18.el8_10NetworkManager-ppp >= 1.40.16-18.el8_10NetworkManager-team >= 1.40.16-18.el8_10NetworkManager-tui >= 1.40.16-18.el8_10NetworkManager-wifi >= 1.40.16-18.el8_10NetworkManager-wwan >= 1.40.16-18.el8_10
| Patchnames:
RHSA-2025:0288 |
| SUSE Liberty Linux 9 | NetworkManager >= 1.48.10-5.el9_5NetworkManager-adsl >= 1.48.10-5.el9_5NetworkManager-bluetooth >= 1.48.10-5.el9_5NetworkManager-cloud-setup >= 1.48.10-5.el9_5NetworkManager-config-connectivity-suse >= 1.48.10-5.el9_5NetworkManager-config-server >= 1.48.10-5.el9_5NetworkManager-dispatcher-routing-rules >= 1.48.10-5.el9_5NetworkManager-initscripts-updown >= 1.48.10-5.el9_5NetworkManager-libnm >= 1.48.10-5.el9_5NetworkManager-libnm-devel >= 1.48.10-5.el9_5NetworkManager-ovs >= 1.48.10-5.el9_5NetworkManager-ppp >= 1.48.10-5.el9_5NetworkManager-team >= 1.48.10-5.el9_5NetworkManager-tui >= 1.48.10-5.el9_5NetworkManager-wifi >= 1.48.10-5.el9_5NetworkManager-wwan >= 1.48.10-5.el9_5
| Patchnames:
RHSA-2025:0377 |
SUSE Timeline for this CVE
CVE page created: Mon May 6 22:00:19 2024
CVE page last modified: Tue Jan 21 19:50:26 2025
