PT-2024-3325 · Dhcp+3

Dani Cronce +1 · Published 2024-05-06 · Updated 2026-02-20 · CVE-2024-3661

CVSS v3.1: 7.6 High
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Name of the Vulnerable Software and Affected Versions: DHCP (affected versions not specified)

Description: The issue stems from a lack of authentication in the DHCP protocol, specifically in the classless static route option (121). An attacker on the same local network can use this option to push routes to a client and thereby redirect traffic that was expected to be protected by the VPN, allowing it to be read, disrupted, or modified. It affects many VPN-based security solutions that rely on routes to redirect traffic.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider implementing network segmentation and monitoring for exploitation attempts. Running the VPN inside a virtual machine, or connecting to the internet through a mobile device's Wi-Fi hotspot, may also reduce the risk of exploitation. Restricting acceptance of the classless static route option (121) in the DHCP client configuration may help mitigate the issue until a patch is available.

Exploit

Missing Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

ALSA-2025:0288
ALSA-2025:0377
ALSA-2025_0288
ALSA-2025_0377
BDU:2024-03571
CVE-2024-3661
ELSA-2025-0288
ELSA-2025-0377
GHSA-HQMP-G7PH-X543
INFSA-2025_0288
INFSA-2025_0377
RHSA-2025:0288
RHSA-2025:0377
RHSA-2025:16411
RHSA-2025_0288
RHSA-2025_0377
RLSA-2025:0377
RLSA-2025_0288
RLSA-2025_0377

Affected Products

Almalinux
Dhcp
Red Hat
Rocky Linux