How severe is CVE-2023-36673?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2023-36673?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2023-36673 - HIGH Severity | CVSS 7.3

Vulnerability Description

An issue was discovered in Avira Phantom VPN through 2.23.1 for macOS. The VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel, even if this traffic is not generated by the VPN client, while simultaneously using plaintext DNS to look up the VPN server's IP address. This allows an adversary to trick the victim into sending traffic to arbitrary IP addresses in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "ServerIP attack, combined with DNS spoofing, that can leak traffic to an arbitrary IP address" rather than to only Avira Phantom VPN.

Related Vulnerabilities

CVE-2024-44276

HIGH

CVSS:7.3(High)

This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in iOS 18.2 and iPadOS 18.2. A user in a privileged network position may be able to leak sensitiv...

CWE-3192024

CVE-2017-9035

HIGH

CVSS:7.4(High)

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows attackers to eavesdrop and tamper with updates by leveraging unencrypted communications with update servers.

CWE-3192017

CVE-2018-7960

HIGH

CVSS:7.4(High)

There is a SRTP icon display vulnerability in Huawei eSpace product. An unauthenticated, remote attacker launches man-in-the-middle attack to intercept the packets in non-secure transmission mode. Suc...

CWE-3192018

CVE-2019-13498

HIGH

CVSS:7.4(High)

One Identity Cloud Access Manager 8.1.3 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. This issue is fixed in version 8.1.4.

CWE-3192019

CVE-2020-11718

HIGH

CVSS:7.4(High)

An issue was discovered in Programi Bilanc build 007 release 014 31.01.2020 and below. Its software-update packages are downloaded via cleartext HTTP.

CWE-3192020

CVE-2020-4899

HIGH

CVSS:7.4(High)

IBM API Connect 5.0.0.0 through 5.0.8.10 could potentially leak sensitive information or allow for data corruption due to plain text transmission of sensitive information across the network. IBM X-For...

CWE-3192020