PT-2024-13665 · Purevpn · Purevpn Linux Client
Muhammad Samaak
+1
·
Published
2024-08-25
·
Updated
2024-09-11
·
CVE-2023-48957
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PureVPN Linux client version 2.0.2
Description
The PureVPN Linux client fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. This issue is related to improper access controls in the DNS query handler.
Recommendations
For PureVPN Linux client version 2.0.2, upgrade to version 2.0.3 to remediate the issue. As a temporary workaround, consider restricting access to the DNS query handler until the patch is applied.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Purevpn Linux Client