CVE-2023-35838
CVSS 3.1 Score 5.7 of 10 (medium)
Details
Summary
CVE-2023-35838 is a vulnerability affecting the WireGuard client 0.5.3 on Windows. This issue insecurely configures the operating system and firewall, causing local network traffic utilizing non-RFC1918 IP addresses to be blocked. Adversaries can exploit this vulnerability by tricking victims into blocking IP traffic to specific addresses and services, even when the VPN is active. The impact of this vulnerability extends beyond WireGuard, as the term "LocalNet attack" refers more broadly to this class of security issues on the tunnelcrack.mathyvanhoef.com website.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- WireGuard
Affected Vendors
- Wireguard