PT-2023-4448 · Avira · Avira Phantom Vpn

Christina Pöpper and 4 others · Published 2023-08-09 · Updated 2023-10-31 · CVE-2023-36673

CVSS v2.0: 7.8 (High)
Vector: AV:A/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions: Avira Phantom VPN versions through 2.23.1
Description: When it connects, Avira Phantom VPN configures the operating system insecurely. The client installs a routing exception so that all IP traffic destined for the VPN server's IP address is sent in plaintext outside the VPN tunnel (the exception that lets the client's own encrypted packets reach the server). That exception is not limited to packets generated by the VPN client: any application's traffic to that address bypasses the tunnel. At the same time, the client resolves the VPN server's IP address over plaintext DNS. An adversary who can answer that lookup, for example from an adjacent network position as the CVSS vector (AV:A) indicates, can return an arbitrary IP address; that address then receives the tunnel exception, and the victim's traffic to it leaves the host in plaintext outside the VPN tunnel.
Recommendations: For Avira Phantom VPN versions through 2.23.1, update to a version later than 2.23.1 to resolve the issue. Until the update is applied, two temporary workarounds reduce the risk: restrict access to the VPN server's IP address, so that the destination exempted from the tunnel is only the known server and not an address an attacker chose, and avoid looking up the VPN server's IP address over plaintext DNS, since a spoofed answer to that lookup is what lets the attacker pick the exempted address.
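As an added illustration (not Avira's code and not material from the advisory), the following Python model reproduces the mechanism described above: a host route that exempts the VPN server's address from the tunnel for every process, combined with a server address that comes from an unauthenticated DNS answer. It then shows the hardened policy in which only the VPN client's own packets may use the exception. The interface names, the addresses, the hostname `vpn.example.com`, and the `browser`/`vpn-client` owner labels are constructed for the example; `bypass_routes` can also be pointed at real `ip route show` output to look for the same pattern on a host.

```python
"""Model of the tunnel exception described in the advisory (added example, not Avira's code).

A VPN client needs its own encrypted packets to reach the server outside the
tunnel, so it installs a host route for the server's address via the physical
interface. If that route applies to every process and the address came from a
plaintext DNS answer, whoever controls the answer picks which destination
escapes the tunnel.
"""
import ipaddress
from dataclasses import dataclass

TUNNEL_DEV = "tun0"    # assumed interface names, constructed for the example
PHYS_DEV = "wlan0"
VPN_HOSTNAME = "vpn.example.com"              # assumed hostname
HONEST_DNS = {VPN_HOSTNAME: "192.0.2.10"}     # constructed: the real server
SPOOFED_DNS = {VPN_HOSTNAME: "203.0.113.5"}   # constructed: attacker-chosen target


def parse_routes(text):
    """Parse `ip route`-style lines into (network, device) tuples."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dst = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        routes.append((ipaddress.ip_network(dst, strict=False),
                       parts[parts.index("dev") + 1]))
    return routes


def egress_interface(routes, dst_ip):
    """Longest-prefix match: the interface the kernel would pick for dst_ip."""
    ip = ipaddress.ip_address(dst_ip)
    _, dev = max((r for r in routes if ip in r[0]), key=lambda r: r[0].prefixlen)
    return dev


def bypass_routes(routes, tunnel_dev=TUNNEL_DEV):
    """Host routes that escape the tunnel while the default route points into it."""
    if not any(net.prefixlen == 0 and dev == tunnel_dev for net, dev in routes):
        return []
    return [net for net, dev in routes
            if net.prefixlen == net.max_prefixlen and dev != tunnel_dev]


def client_routes_after_connect(resolver, hostname=VPN_HOSTNAME):
    """Routes the modelled client installs. The lookup is plaintext DNS, so the
    answer is trusted as-is and becomes the exempted address."""
    server_ip = resolver[hostname]
    return parse_routes(
        f"default via 10.8.0.1 dev {TUNNEL_DEV}\n"
        f"{server_ip} via 192.168.1.1 dev {PHYS_DEV}\n"
        f"192.168.1.0/24 dev {PHYS_DEV}\n")


@dataclass
class Packet:
    dst: str
    owner: str   # process that generated it; "vpn-client" for the client's own packets


def egress(pkt, routes, scoped_exception):
    """Vulnerable policy (scoped_exception=False): the host route applies to every
    process. Hardened policy (True): only the VPN client's own packets may use it
    (in practice a firewall rule keyed on the client's process or a socket mark);
    everything else is forced into the tunnel whatever its destination."""
    if scoped_exception and pkt.owner != "vpn-client":
        return TUNNEL_DEV
    return egress_interface(routes, pkt.dst)


def leaks(resolver, victim_dst, scoped_exception):
    """True if an ordinary application's packet to victim_dst leaves in plaintext."""
    routes = client_routes_after_connect(resolver)
    return egress(Packet(victim_dst, "browser"), routes, scoped_exception) != TUNNEL_DEV


if __name__ == "__main__":
    target = SPOOFED_DNS[VPN_HOSTNAME]
    print("honest DNS, unscoped exception, leak:", leaks(HONEST_DNS, target, False))
    print("spoofed DNS, unscoped exception, leak:", leaks(SPOOFED_DNS, target, False))
    print("spoofed DNS, scoped exception, leak:  ", leaks(SPOOFED_DNS, target, True))
    print("bypass routes:", bypass_routes(client_routes_after_connect(SPOOFED_DNS)))
```

The scoped policy is what closes the hole in the model: with it, a spoofed DNS answer only misdirects the client's own (encrypted) connection attempt, which then fails, and application traffic never leaves the tunnel. Pinning the server address or resolving it over an authenticated channel narrows the attacker's control over the exempted address but does not by itself remove the per-process problem.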

Weakness Enumeration

Cleartext Transmission of Sensitive Information (CWE-319)

Related Identifiers

BDU:2023-04839
CVE-2023-36673

Affected Products

Avira Phantom Vpn