vulnerability
Fortinet FortiClient: CVE-2024-3661: TunnelVision - CVE-2024-3661
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:A/AC:M/Au:N/C:P/I:P/A:P) | Jun 11, 2024 | Jun 25, 2025 | Nov 10, 2025 |
Description
Fortinet is aware of the recent publication of the TunnelVision vulnerability (CVE-2024-3661). The research [1] identified a technique to bypass the use of protected VPN tunnels when clients connect via an untrusted network, such as a rogue Wi-Fi network. This attack may allow an attacker-controlled DHCP server on the same network as the targeted user to reroute VPN traffic by setting routes on the target's routing table that are more specific than the VPN's. Note that this technique does not allow decrypting HTTPS traffic; rather, it allows redirecting the traffic through attacker-controlled channels before the traffic is encrypted by the VPN.
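A defender-side check for the condition described above, added here as an example and not taken from Fortinet or the cited research: it flags routes on a non-VPN interface that are strictly more specific than a route owned by the VPN interface. It assumes Linux `ip -4 route show` output; the interface names, addresses, allowlist and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in `ip -4 route show` format (not data from the advisory).
SAMPLE_ROUTES = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
203.0.113.10 via 192.168.1.1 dev wlan0
0.0.0.0/2 via 192.168.1.66 dev wlan0 proto dhcp
64.0.0.0/2 via 192.168.1.66 dev wlan0 proto dhcp
198.51.100.0/24 via 192.168.1.66 dev wlan0 proto dhcp
"""

def parse_routes(text):
    """Return (network, interface) pairs; lines without a device are skipped."""
    routes = []
    for line in text.splitlines():
        tokens = line.split()
        if "dev" not in tokens[:-1]:
            continue
        dest = "0.0.0.0/0" if tokens[0] == "default" else tokens[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        except ValueError:
            continue  # first token is a route type, not a prefix
        routes.append((net, tokens[tokens.index("dev") + 1]))
    return routes

def find_shadowing_routes(routes, vpn_iface, allowed=()):
    """Non-VPN routes that win longest-prefix match over a VPN route.

    `allowed` lists prefixes expected off-tunnel (assumption: the connected
    LAN and the VPN server's own host route), which would otherwise be flagged.
    """
    vpn_nets = [net for net, iface in routes if iface == vpn_iface]
    allowed_nets = [ipaddress.ip_network(a) for a in allowed]
    findings = []
    for net, iface in routes:
        if iface == vpn_iface or net in allowed_nets:
            continue
        if any(net.prefixlen > v.prefixlen and net.subnet_of(v) for v in vpn_nets):
            findings.append((str(net), iface))
    return findings

if __name__ == "__main__":
    expected = ("192.168.1.0/24", "203.0.113.10/32")
    for prefix, iface in find_shadowing_routes(parse_routes(SAMPLE_ROUTES), "tun0", expected):
        print(f"route {prefix} via {iface} overrides the VPN tunnel")
```

A non-VPN default route is not reported because it is less specific than the tunnel's routes and loses longest-prefix matching; equal-length prefixes, which are decided by metric, are outside what this check covers.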
Solution
fortinet-forticlient-upgrade-latest