PT-2023-4963 · Clario · Clario VPN Client

Christina Pöpper and 4 others

Published 2023-08-09 · Updated 2024-05-13 · CVE-2023-36672

CVSS v2.0: 10.0 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Clario VPN client, versions 5.9.1.1662 and earlier

Description: The Clario VPN client configures the operating system so that traffic destined for the local network is routed outside the VPN tunnel, in plaintext, even when the local network uses a non-RFC1918 (publicly routable) subnet. An adversary who controls the local network (for example, by running a rogue access point or DHCP server) can therefore advertise a subnet that covers an arbitrary destination and cause the victim to send IP traffic to that destination in plaintext, outside the tunnel. The underlying weakness is the lack of protection for transmitted data.

Recommendations: For Clario VPN client versions 5.9.1.1662 and earlier, update to a version that fixes the insecure configuration so that traffic is no longer sent in plaintext outside the VPN tunnel. As a temporary workaround, restrict access to the local network (for example, disable the client's local-network exemption or avoid untrusted networks) to reduce the risk of exploitation.
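The routing behaviour behind this advisory, as an added illustration that is not Clario's code: a small longest-prefix-match model of the routes a VPN client leaves in the OS, with the client's "always exempt the attached subnet" policy beside a hardened policy that only honours an exemption for an RFC1918 subnet. The interface names, the VPN server address 198.51.100.5, the rogue subnet 203.0.113.0/24 and the target host are all constructed for the example; the two-/1-routes trick for overriding the default route is a common client technique, assumed here rather than taken from the advisory.

```python
"""Route-selection model for the local-network bypass described above.

Added example, not Clario code. It shows why an unconditional local-subnet
exemption lets an attacker who controls the LAN pull arbitrary destinations
out of the tunnel, and what restricting the exemption to RFC1918 changes.
All addresses are constructed.
"""
import ipaddress

# RFC 1918 private ranges; the hardened policy only honours a local-net
# exemption that lies entirely inside one of these.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

VPN_SERVER = ipaddress.ip_address("198.51.100.5")  # constructed (TEST-NET-2)


def exempt_local_net(local_subnet, policy):
    """Decide whether the client installs a bypass route for the attached subnet."""
    net = ipaddress.ip_network(local_subnet, strict=False)
    if policy == "vulnerable":
        # Whatever DHCP handed out is trusted as "the LAN", even a public prefix.
        return True
    if policy == "hardened":
        return any(net.subnet_of(r) for r in RFC1918)
    raise ValueError(f"unknown policy {policy!r}")


def build_routes(local_subnet, policy):
    """Routing table as (network, interface) pairs, as the client leaves the OS."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "eth0"),         # DHCP default route
        (ipaddress.ip_network("0.0.0.0/1"), "tun0"),         # tunnel "default": two /1s
        (ipaddress.ip_network("128.0.0.0/1"), "tun0"),       # beat the /0 on prefix length
        (ipaddress.ip_network(f"{VPN_SERVER}/32"), "eth0"),  # tunnel endpoint must bypass
    ]
    if exempt_local_net(local_subnet, policy):
        # This is the route the attacker is after: a /24 (or longer) beats the /1s.
        routes.append((ipaddress.ip_network(local_subnet, strict=False), "eth0"))
    return routes


def resolve(dst, routes):
    """Longest-prefix match, as the kernel does; returns the egress interface."""
    addr = ipaddress.ip_address(dst)
    candidates = [(net.prefixlen, iface) for net, iface in routes if addr in net]
    return max(candidates)[1]


def leaks_in_plaintext(dst, local_subnet, policy):
    """True when traffic to dst leaves on the physical interface, outside the tunnel."""
    if ipaddress.ip_address(dst) == VPN_SERVER:
        return False  # encrypted tunnel packets are expected on eth0
    return resolve(dst, build_routes(local_subnet, policy)) == "eth0"


if __name__ == "__main__":
    # A rogue access point advertises a public prefix as the "local network"
    # and picks it to cover a host the victim will later talk to.
    rogue_lan = "203.0.113.0/24"
    target = "203.0.113.10"
    for policy in ("vulnerable", "hardened"):
        print(f"{policy:10s} leak to {target}: "
              f"{leaks_in_plaintext(target, rogue_lan, policy)}")
    # A legitimate home LAN still gets its exemption under the hardened policy.
    print("192.168.1.20 via", resolve("192.168.1.20",
                                      build_routes("192.168.1.0/24", "hardened")))
```

The hardened policy is one way to implement the "restrict access to the local network" workaround above: an attacker can still choose an RFC1918 prefix, but that only covers hosts that are on their own LAN anyway, not arbitrary Internet destinations. On a real machine the equivalent check is to read the routing table after the tunnel comes up and confirm that no route more specific than the tunnel's routes points at the physical interface, other than the one to the VPN server itself.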

Weakness Enumeration

Cleartext Transmission of Sensitive Information (CWE-319)
Related Identifiers

BDU:2023-05501
CVE-2023-36672

Affected Products

Clario VPN Client