PT-2023-6277 · Wireguard · Wireguard
Christina Pöpper
+4
·
Published
2023-08-09
·
Updated
2026-04-10
·
CVE-2023-35838
CVSS v2.0
6.1
Medium
| Vector | AV:A/AC:L/Au:N/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
WireGuard client version 0.5.3
Description
The WireGuard client version 0.5.3 on Windows has an insecure configuration of the operating system and firewall. This configuration can block traffic to a local network using non-RFC1918 IP addresses. An attacker can exploit this to trick a user into blocking IP traffic to specific IP addresses and services, even while the VPN is active. This issue can result in disruption of access to network resources.
Recommendations
Update to a newer version of the WireGuard client that addresses this firewall configuration issue.
Exploit
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wireguard