Wireguard
CVE-2023-35838
MEDIUM
Severity by source
AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard.
AnalysisAI
The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-610. The WireGuard client 0.5.3 on Windows insecurely configures the operating system and firewall such that traffic to a local network that uses non-RFC1918 IP addresses is blocked. This allows an adversary to trick the victim into blocking IP traffic to selected IP addresses and services even while the VPN is enabled. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in the blocking of traffic" rather than to only WireGuard. Affected products include: Wireguard.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
Protonvpn versions up to 1.26.0 contains a vulnerability that allows attackers to potentially execute arbitrary code (CV
Memory exhaustion in Sliver C2 framework prior to version 1.7.0 allows unauthenticated remote attackers to bypass OTP va
Authenticated operators in Sliver C2 framework versions prior to 1.6.11 can read arbitrary files on the server through a
Privilege escalation in WireGuard Portal prior to version 2.1.3 allows authenticated non-admin users to gain full admini
Netmaker versions prior to 1.5.0 fail to properly validate host JWT tokens during authorization, allowing any attacker w
Netmaker versions prior to 1.5.0 fail to properly validate role assignments in the user update API endpoint, allowing au
Cilium versions 1.18.0-1.18.5 with Native Routing, WireGuard, and Node Encryption enabled incorrectly allow cross-node P
Netmaker versions prior to 1.5.0 expose WireGuard private keys through unauthenticated API endpoints when accessed by us
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today