
TunnelVision


Go to solution Solved by Flood and Flood's wife,


Recently there has been a new VPN vulnerability discovered called TunnelVision. Link here: https://www.leviathansecurity.com/blog/tunnelvision

I was wondering if Kaspersky is taking any measures against this and what are your thoughts on this new vulnerability? 


  • Solution
Posted (edited)
39 minutes ago, Jonatan1 said:

Recently there has been a new VPN vulnerability discovered called TunnelVision. Link here: https://www.leviathansecurity.com/blog/tunnelvision

I was wondering if Kaspersky is taking any measures against this and what are your thoughts on this new vulnerability?

Hello @Jonatan1

Welcome!

Kaspersky have made a small statement on X (https://x.com/kaspersky/status/1789902869199757660):

"A somewhat esoteric VPN attack, TunnelVision, uses the DHCP option 121 to relay VPN traffic without any encryption. Android is not vulnerable to this, while on other platforms, mitigating the vulnerability involves enhanced scrutiny of routing configurations transmitted via DHCP."

& referenced the same article as you have: TunnelVision (CVE-2024-3661): How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak


Thank you🙏
Flood🐳+🐋

Edited by Flood and Flood's wife
added quoted text

Thanks for the info and fast reply! 

 

I tried replicating a TunnelVision attack using Kaspersky and got a selective denial-of-service. I presume that as long as full-tunnel mode is used, no traffic is permitted outside of the tunnel. 


2 minutes ago, Jonatan1 said:

I tried replicating a TunnelVision attack using Kaspersky and got a selective denial-of-service.

I presume that as long as full-tunnel mode is used, no traffic is permitted outside of the tunnel.

Hello @Jonatan1

You're most welcome!

Thank you for posting back!

  1. IF that's a question & if (you) have licensed Kaspersky software - please raise it with Kaspersky VPN specialists - via - Kaspersky Customer Service - https://support.kaspersky.com/b2c#contacts - on the support page, select either Chat or Email, fill in the template as in the image below - noting there's no "I have a question" template but it would be good if there was (ioo) - the template below is the best possible out of all available; and provide a *detailed history*
  • Tip: stay on top of the issue - IF they don't hear back from you they'll close the INC/Suggestion.
  • Tip 1. IF (you) connect via Chat - request a copy of the Chat transcript be emailed to you - it's the only record you'll have of the Chat & there's no option available for you to select to have the transcript sent to you - it has to be done from Kaspersky's side.

image.thumb.png.76f24ce32283a038914f11859fa86cd6.png
Please share the outcome with the Community, when it's available? 
Thank you🙏
Flood🐳+🐋
