1 Min Read
CVE-2024-3661
Originally published May 6, 2024.
Protect and safeguard your OT network and operations with the industry's most advanced, most capable cybersecurity platform.
Learn MoreDiscover and visualize every asset and every network connection in your OT environment.
Segment your network and enforce granular policies for true Zero Trust cybersecurity.
Identify unexpected or unauthorized activity, from Level 0 signals to cloud connections.
Monitor physical process signals to detect threats and prevent system damage.
With advanced technology and an expert team, Mission Secure helps organizations meet their most pressing OT security challenges.
Keep your organization secure against cyber threats and take control of your OT network.
View All IndustriesFind helpful OT and ICS cybersecurity resources, guides, and downloads.
View All ResourcesOur team of world-class OT, IT, and cybersecurity experts are setting the standard in OT cyber-protection.
Learn MoreWritten by Mission Secure
CVE-2024-3661 exposes a vulnerability in DHCP routing options, allowing attackers to manipulate interface-based VPN traffic, potentially leading to the interception, disruption, or modification of network traffic that should be protected by the VPN. This poses significant security risks to operational technology (OT) environments relying on VPNs for secure communication and data transmission, potentially compromising critical infrastructure and processes.
From the CVE database:
By design, the DHCP protocol does not authenticate messages, including for example the classless static route option (121). An attacker with the ability to send DHCP messages can manipulate routes to redirect VPN traffic, allowing the attacker to read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. Many, if not most VPN systems based on IP routing are susceptible to such attacks.
https://www.cve.org/CVERecord?id=CVE-2024-3661
Originally published May 6, 2024.