A New Threat to VPN Security: The TunnelVision Attack

Check Point

A New Threat to VPN Security: The TunnelVision Attack

In the realm of cybersecurity, a new threat has emerged. This threat, known as the “TunnelVision” attack, has the potential to leak VPN traffic using rogue DHCP servers. This article will provide an in-depth look at this new attack, its implications, and potential countermeasures.


Understanding the Threat

The TunnelVision attack is a new method that can route traffic outside a VPN’s encryption tunnel. This allows attackers to observe unencrypted traffic while maintaining the appearance of a secure VPN connection. The attack is based on the abuse of the Dynamic Host Configuration Protocol’s (DHCP) option 121.

How Does It Work?

The attackers set up a rogue DHCP server that alters the routing tables. This means that all VPN traffic is sent straight to the local network or a malicious gateway, never entering the encrypted VPN tunnel. The report from Leviathan Security explains, “Our technique is to run a DHCP server on the same network as a targeted VPN user and to also set our DHCP configuration to use itself as a gateway.”

The Implications

The issue lies in DHCP’s lack of an authentication mechanism for incoming messages that could manipulate routes. This vulnerability has been assigned the identifier CVE-2024-3661. The security researchers note that this vulnerability has been available for exploitation by bad actors since at least 2002. However, there are no known cases of active exploitation in the wild.

Mitigation Measures

Users are more likely to be impacted by TunnelVision attacks if they connect their device to a network that is either controlled by the attacker or where the attacker has a presence. Possible scenarios would include public Wi-Fi networks like those in coffee shops, hotels, or airports. The VPN on the targeted device must be susceptible to routing manipulation. Finally, automatic DHCP configuration on the target device needs to be enabled.


The TunnelVision attack represents a significant threat to VPN security. By understanding this threat and implementing appropriate countermeasures, users can protect their VPN traffic from potential leaks. As the cybersecurity landscape continues to evolve, staying informed about new threats and vulnerabilities is crucial for maintaining a secure online presence.

You think you have a story worth everyone’s time? SUBMIT A STORY and we will publish it.

Share this content:

Post Comment