Real IP address disclosure in Clario VPN for macOS
| Risk | Medium |
| Patch available | NO |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2023-36671 |
| CWE-ID | CWE-319 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Clario VPN for macOS Client/Desktop applications / Other client software |
| Vendor | Clario Tech DMCC |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
1) Cleartext transmission of sensitive information
EUVDB-ID: #VU82574
Risk: Medium
CVSSv3.1: 4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C]
CVE-ID: CVE-2023-36671
CWE-ID:
CWE-319 - Cleartext Transmission of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to the VPN client insecurely configures the operating system such that all IP traffic to the VPN server's IP address is sent in plaintext outside the VPN tunnel even if this traffic is not generated by the VPN client. A remote attacker can trick the victim into sending plaintext traffic to the VPN server's IP address and thereby deanonymize the victim.
MitigationCybersecurity Help is currently unaware of any official solution to address this vulnerability.
Vulnerable software versionsClario VPN for macOS: 5.9.1.1662
External linkshttp://tunnelcrack.mathyvanhoef.com/details.html
http://clario.co/vpn-for-mac/
http://github.com/advisories/GHSA-43fw-xm94-j3mx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
