Trusttunnel

2 CVEs product

CVE-2026-24904 MEDIUM POC PATCH This Month

TrustTunnel VPN protocol versions prior to 0.9.115 contain a rule bypass vulnerability: when a TLS ClientHello message is fragmented, the client random value is not extracted, so the rules engine skips client_random_prefix matching conditions and allows traffic that should be blocked. Public exploit code exists for this medium-severity, network-accessible vulnerability affecting Industrial and TrustTunnel products. A patch is available for affected versions.

Industrial Trusttunnel
NVD GitHub
CVSS 3.1: 5.3
EPSS: 0.1%
CVE-2026-24902 HIGH POC PATCH This Week

TrustTunnel versions prior to 0.9.114 fail to validate private network restrictions when processing numeric IP addresses in TCP connections, enabling authenticated attackers to bypass SSRF protections and reach loopback or internal network targets. The vulnerability exists because IP-based connection requests skip the security checks that are applied to hostname-based requests. Public exploit code exists; upgrade to version 0.9.114 or later to remediate.

SSRF Trusttunnel
NVD GitHub
CVSS 3.1: 7.1
EPSS: 0.0%