CVE-2023-36672
CVSS 3.1 Score 5.7 of 10 (medium)
Details
Summary
CVE-2023-36672 is a vulnerability affecting the Clario VPN client for macOS through version 5.9.1.1662. This issue permits traffic to the local network to be sent in plaintext outside the VPN tunnel, even if the local network utilizes a non-RFC1918 IP subnet. An adversary can exploit this vulnerability by tricking the victim into sending IP traffic in plaintext, posing a significant risk to data confidentiality. The vulnerability is not limited to Clario, as other systems may also be susceptible to similar "LocalNet attacks" resulting in plaintext traffic leakage.
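A defender-side check for the condition described in the summary, added here as an example and not taken from the advisory or from Clario: it flags routes that carry non-RFC1918 destinations outside the tunnel. It assumes an IPv4 routing table exported as (destination, interface) pairs; the interface names `utun3` (tunnel) and `en0` (physical) and the documentation-range addresses are constructed sample data.

```python
import ipaddress

RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: routing table while the VPN is connected.
# The local network has handed out a public-range (non-RFC1918) subnet.
SAMPLE_ROUTES = [
    ("0.0.0.0/0", "utun3"),        # default route through the tunnel
    ("127.0.0.0/8", "lo0"),
    ("169.254.0.0/16", "en0"),     # link-local
    ("203.0.113.0/24", "en0"),     # "local" subnet assigned by the network
]


def egress_interface(dest, routes):
    """Longest-prefix match: interface a packet to dest would leave on."""
    ip = ipaddress.ip_address(dest)
    best = None
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def non_rfc1918_bypass_routes(routes, tunnel_if):
    """Routes that send non-RFC1918 destinations outside the tunnel."""
    findings = []
    for cidr, iface in routes:
        net = ipaddress.ip_network(cidr)
        if iface == tunnel_if or net.prefixlen == 0:
            continue  # tunnel routes and default routes are not local exemptions
        if net.is_loopback or net.is_link_local or net.is_multicast:
            continue  # never routable beyond the host or link
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append((cidr, iface))
    return findings


if __name__ == "__main__":
    for cidr, iface in non_rfc1918_bypass_routes(SAMPLE_ROUTES, "utun3"):
        print(f"plaintext path outside tunnel: {cidr} via {iface}")
```

On a real host the VPN server's own host route also leaves via the physical interface and will be reported; treat that single entry as expected and review the rest.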
Affected Products
- Clario VPN
Affected Vendors
- Clario