Vulnerability Details
Basic Information
| Title | Security Bulletin: IBM Technical Support Appliance – possible security flaw in DHCP processing that may leak and disrupt network traffic |
|---|---|
| Type | ibm |
| Published | 2025-04-28T22:21:55 |
| Last Seen | 2025-04-29T02:56:36 |
| CVSS Score | 7.6 (HIGH) |
CVSS v3 Details
| Attack Vector | ADJACENT |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | LOW |
| Availability Impact | LOW |
CVE Information
| CVE IDs | CVE-2024-3661 |
|---|---|
| CWE | |
| Bulletin Family | software |
Description
A flaw in the network manager may cause network traffic to be read and possibly modified when it was expected that the network traffic was protected by a VPN.
## Vulnerability Details
**CVEID:** CVE-2024-3661
**DESCRIPTION:** DHCP can add routes to a client's routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN.
**CWE:** CWE-306: Missing Authentication for Critical Function
**CVSS Source:** NVD
**CVSS Base score:** 7.6
**CVSS Vector:** (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
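
To audit a client for the route injection described above, the option 121 payload from a received DHCP lease can be decoded and compared with the VPN's routes. This is an added example, not part of IBM's bulletin: it parses the RFC 3442 encoding and lists the routes that longest-prefix matching would prefer over the VPN; the function names, the sample payload and the VPN route list are constructed for illustration.

```python
import ipaddress

def parse_option_121(data: bytes):
    """Decode an RFC 3442 classless static route payload into (network, router) pairs."""
    routes, i = [], 0
    while i < len(data):
        width = data[i]                      # prefix length in bits
        if width > 32:
            raise ValueError(f"invalid prefix width {width} at offset {i}")
        n = (width + 7) // 8                 # only the significant octets are sent
        end = i + 1 + n + 4                  # width byte + destination + 4-byte router
        if end > len(data):
            raise ValueError(f"truncated route entry at offset {i}")
        dest = ipaddress.IPv4Address(data[i + 1:i + 1 + n] + bytes(4 - n))
        network = ipaddress.IPv4Network((dest, width), strict=False)
        router = ipaddress.IPv4Address(data[end - 4:end])
        routes.append((network, router))
        i = end
    return routes

def routes_bypassing_vpn(routes, vpn_routes):
    """Return DHCP-supplied routes that are more specific than a VPN route they overlap."""
    vpn = [ipaddress.IPv4Network(r) for r in vpn_routes]
    return [(net, gw) for net, gw in routes
            if any(net.prefixlen > v.prefixlen and net.overlaps(v) for v in vpn)]

# Constructed sample payload (not from a real capture):
#   0.0.0.0/0 via 192.168.1.1, 203.0.113.0/24 via 192.168.1.50, 10.0.0.0/9 via 192.168.1.1
OPTION_121_SAMPLE = bytes.fromhex("00c0a80101" "18cb0071c0a80132" "090a00c0a80101")
# Assumed VPN configuration: the tunnel covers all traffic with two /1 routes.
VPN_ROUTES = ["0.0.0.0/1", "128.0.0.0/1"]

if __name__ == "__main__":
    for net, gw in routes_bypassing_vpn(parse_option_121(OPTION_121_SAMPLE), VPN_ROUTES):
        print(f"route {net} via {gw} takes precedence over the VPN routes")
```

A DHCP route with the same prefix length as a VPN route is not flagged here, because the outcome then depends on route metrics rather than prefix length.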
## Affected Products and Versions
| Affected Product(s) | Version(s) |
|---|---|
| Technical Support Appliance | All |
## Remediation/Fixes
Update the IBM Technical Support Appliance to 3.0.3. Refer to the online support documentation on how to perform an update.
## Workarounds and Mitigations
None
Impact Assessment
| Base Score | 7.6 |
|---|---|
| Severity | HIGH |