CVE-2023-35838

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Aug 9, 2023
Updated: Oct 31, 2023
CWE ID 610

Summary

CVE-2023-35838 is a vulnerability affecting the WireGuard client 0.5.3 on Windows. This issue insecurely configures the operating system and firewall, causing local network traffic utilizing non-RFC1918 IP addresses to be blocked. Adversaries can exploit this vulnerability by tricking victims into blocking IP traffic to specific addresses and services, even when the VPN is active. The impact of this vulnerability extends beyond WireGuard, as the term "LocalNet attack" refers more broadly to this class of security issues on the tunnelcrack.mathyvanhoef.com website.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share