Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables Affecting Cisco AnyConnect Secure Mobility Client and Cisco Secure Client
|
System information
|
| |
|
|
Affected software |
Cisco |
Description
|
On August 8, 2023, the paper Bypassing Tunnels: Leaking VPN Client Traffic by Abusing Routing Tables was made public. The paper discusses two attacks that can cause VPN clients to leak traffic outside the protected VPN tunnel. In both instances, an attacker can manipulate routing exceptions that are maintained by the client to redirect traffic to a device that they control without the benefit of the VPN tunnel encryption. This advisory is available at the following
More info:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-leak-Sew6g2kd?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Bypassing%20Tunnels:%20Leaking%20VPN%20Client%20Traffic%20by%20Abusing%20Routing%20Tables%20Affecting%20Cisco%20AnyConnect%20Secure%20Mobility%20Client%20and%20Cisco%20Secure%20Client&vs_k=1 |
Standar resources
|
|
Property |
Value |
|
CVE |
CVE-2023-36672 and CVE-2023-36673. |
