CVE-2023-36672

CVSS 3.1 Score 5.7 of 10 (medium)

Details

Published Aug 9, 2023
Updated: Oct 31, 2023
CWE ID 319

Summary

CVE-2023-36672 is a vulnerability affecting the Clario VPN client for macOS through version 5.9.1.1662. This issue permits traffic to the local network to be sent in plaintext outside the VPN tunnel, even if the local network utilizes a non-RFC1918 IP subnet. An adversary can exploit this vulnerability by tricking the victim into sending IP traffic in plaintext, posing a significant risk to data confidentiality. The vulnerability is not limited to Clario, as other systems may also be susceptible to similar "LocalNet attacks" resulting in plaintext traffic leakage.
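
A defender-side check for the condition described above, as an added example that is not part of the original advisory or of any vendor tooling: it flags IPv4 routes that leave a non-tunnel interface for a subnet outside the RFC 1918 ranges. The route list, the interface names (utun3, en0), the allowed VPN server address and the assumption that the bypass is visible as a route on a non-tunnel interface are all constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges: a "local" subnet outside these covers public addresses.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def localnet_leak_routes(routes, tunnel_if, allowed=()):
    """Return (subnet, interface) routes that bypass the tunnel for non-RFC1918 space.

    routes    -- iterable of (destination CIDR, interface name) pairs
    tunnel_if -- name of the VPN tunnel interface
    allowed   -- CIDRs expected outside the tunnel (e.g. the VPN server itself)
    """
    allow = {ipaddress.ip_network(a) for a in allowed}
    findings = []
    for dest, iface in routes:
        net = ipaddress.ip_network(dest, strict=False)
        if net.version != 4 or iface == tunnel_if or net in allow:
            continue
        # Default route, loopback, link-local and multicast are not LAN subnets.
        if (net.prefixlen == 0 or net.is_loopback
                or net.is_link_local or net.is_multicast):
            continue
        if not any(net.subnet_of(p) for p in RFC1918):
            findings.append((str(net), iface))
    return findings


# Constructed routing table; documentation ranges stand in for public addresses.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "utun3"),        # default route through the tunnel
    ("127.0.0.0/8", "lo0"),
    ("169.254.0.0/16", "en0"),
    ("192.168.1.0/24", "en0"),     # ordinary RFC 1918 LAN
    ("198.51.100.7/32", "en0"),    # hypothetical VPN server host route
    ("203.0.113.0/24", "en0"),     # non-RFC1918 subnet presented as "local"
    ("224.0.0.0/4", "en0"),
]

if __name__ == "__main__":
    hits = localnet_leak_routes(SAMPLE_ROUTES, "utun3", allowed=("198.51.100.7/32",))
    for subnet, iface in hits:
        print(f"traffic to {subnet} leaves via {iface}, outside the tunnel")
```
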
