CVE-2023-36672
Description
An issue was discovered in the Clario VPN client through 5.9.1.1662 for macOS. The VPN client insecurely configures the operating system such that traffic to the local network is sent in plaintext outside the VPN tunnel even if the local network is using a non-RFC1918 IP subnet. This allows an adversary to trick the victim into sending arbitrary IP traffic in plaintext outside the VPN tunnel. NOTE: the tunnelcrack.mathyvanhoef.com website uses this CVE ID to refer more generally to "LocalNet attack resulting in leakage of traffic in plaintext" rather than to only Clario.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Clario VPN client for macOS versions through 5.9.1.1662 leaks local network traffic outside the VPN tunnel when the local subnet uses non-RFC1918 IPs, enabling plaintext traffic interception.
Vulnerability
The Clario VPN client for macOS, up to version 5.9.1.1662, misconfigures the operating system such that traffic destined for the local network is sent in plaintext outside the VPN tunnel when the local network uses a non-RFC1918 IP subnet. This design flaw, part of the broader TunnelCrack LocalNet attack class [1], stems from the VPN client's failure to properly restrict routing rules to only private IP ranges, allowing arbitrary IP addresses advertised by a rogue DHCP server to be treated as local and thus excluded from VPN encryption [1].
Exploitation
An adversary must control a Wi-Fi network that the victim connects to (e.g., a rogue access point) and must advertise a non-RFC1918 IP range (e.g., a public IP subnet) as the local network via DHCP. No authentication, user interaction beyond connecting to the malicious network, or race condition is required. The victim's Clario VPN client, believing those IPs are local, exempts them from the encrypted tunnel, causing all traffic to those addresses to be sent in plaintext outside the VPN [1].
Impact
Successful exploitation allows the adversary to intercept, read, and potentially modify any IP traffic sent by the victim to the advertised non-RFC1918 local network range. This results in information disclosure and loss of confidentiality, with the attacker able to steal sensitive data, credentials, or attack the victim's devices as if no VPN were active [1].
Mitigation
Clario has not released a public patch as of August 9, 2023; the advisory notes that updates for some VPNs were coordinated, but Clario is not listed among the patched vendors [1]. Users can mitigate by avoiding untrusted Wi-Fi networks, manually configuring firewall rules to block traffic to non-RFC1918 subnets outside the tunnel, or switching to a VPN client that correctly restricts local network exceptions to private IP ranges only [1][3].
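The core of the LocalNet flaw is a tunnel exception that is not restricted to private address space. The following audit check is an added example, not code from Clario or from the TunnelCrack authors: it takes the subnets a client exempts from the tunnel (constructed sample values below, with the DHCP-advertised subnet written as address/netmask as a client would see it) and flags every exception that falls outside RFC 1918, which is exactly the traffic a rogue network could pull out of the tunnel in plaintext.

```python
import ipaddress

# RFC 1918 private blocks. A correctly behaving VPN client limits any
# "local network" exception from the tunnel to subnets inside these.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Constructed sample: subnets a hypothetical client excludes from the tunnel.
# The second entry mimics a DHCP lease that advertises a public subnet as local.
SAMPLE_EXCEPTIONS = ["192.168.1.0/24", "203.0.113.7/255.255.255.0"]


def is_rfc1918(subnet: str) -> bool:
    """True if the whole IPv4 subnet lies inside one RFC 1918 block.

    Accepts CIDR ("10.1.2.0/24") or address/netmask ("10.1.2.7/255.255.255.0");
    strict=False lets a host address stand in for its network.
    """
    net = ipaddress.ip_network(subnet, strict=False)
    if net.version != 4:
        return False  # RFC 1918 only defines IPv4 space
    return any(net.subnet_of(block) for block in RFC1918)


def audit_local_exceptions(exceptions):
    """Return the tunnel exceptions that are NOT RFC 1918, normalised to CIDR.

    Any subnet returned here would, on a vulnerable client, carry traffic in
    plaintext outside the VPN; a hardened client should refuse such exceptions.
    """
    leaks = []
    for subnet in exceptions:
        if not is_rfc1918(subnet):
            leaks.append(str(ipaddress.ip_network(subnet, strict=False)))
    return leaks


if __name__ == "__main__":
    for leak in audit_local_exceptions(SAMPLE_EXCEPTIONS):
        print(f"non-RFC1918 local exception would leak outside the tunnel: {leak}")
```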
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Clario / VPN client
- Range: <=5.9.1.1662
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE: mechanics are only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.