Researchers have discovered several vulnerabilities in most VPN products that can be exploited by attackers to read user traffic, steal user information, or even attack user devices. These vulnerabilities have been assigned four distinct CVE numbers: CVE-2023-36672, CVE-2023-35838, CVE-2023-36673, and CVE-2023-36671. The first two can be exploited in a LocalNet attack, where a user connects to a Wi-Fi or Ethernet network set up by an attacker. The latter two can be leveraged in a ServerIP attack, either by attackers running an untrusted Wi-Fi/Ethernet network or by malicious internet service providers (ISPs). Both attacks manipulate the victim’s routing table to trick them into sending traffic outside the protected VPN tunnel, allowing adversaries to read and intercept transmitted traffic.
The researchers tested many consumer and enterprise-grade VPN solutions and found that most VPNs for Apple devices (computers, iPhones, or iPads), Windows, and Linux devices are vulnerable to one or both attacks. On Android, only about a quarter of VPN apps are vulnerable, likely due to a “carefully designed” API. Built-in VPN clients of Windows, macOS, and iOS are also vulnerable, as are some on Linux.
The researchers notified several VPN vendors about the vulnerabilities they found. Some vendors have already patched the bugs without mentioning them in the update release notes, as requested by the researchers. A full list of tested VPN apps on various devices is available in the researchers’ paper. Users are advised to check whether their VPN is on the list and, if it is vulnerable, to check whether the vendor has fixed the bugs. If that information is not publicly available, users may want to contact the vendor’s tech support and ask.
Some patched VPNs include Mozilla VPN, Surfshark, Malwarebytes, Windscribe, and Cloudflare’s WARP. Cisco has confirmed that its Cisco Secure Client and AnyConnect Secure Mobility Client for Linux, macOS, and Windows are vulnerable to CVE-2023-36672, but only in a specific, non-default configuration. Mullvad says only its iOS app is vulnerable to the LocalNet attack.
The researchers advise users to mitigate the LocalNet attack by disabling local network access and to assure websites use HTTPS, which many websites now support.
Source: Help Net Security
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA www.infrascan.net or you can try your self using check.website.