Type	Vendor	Product	Version/Range	Vulnerable?
Application	fortinet	forticlient	< 7.2.5	Yes
Application	fortinet	forticlient	< 7.2.5	Yes
Application	fortinet	forticlient	< 7.2.5	Yes
Application	fortinet	forticlient	7.4.0	Yes
Application	fortinet	forticlient	7.4.0	Yes
Application	fortinet	forticlient	7.4.0	Yes
Application	cisco	anyconnect_vpn_client	-	Yes
Application	cisco	secure_client	-	Yes
Application	paloaltonetworks	globalprotect	*	Yes
Application	paloaltonetworks	globalprotect	*	Yes
Application	paloaltonetworks	globalprotect	*	Yes
Application	paloaltonetworks	globalprotect	*	Yes
Application	citrix	secure_access_client	< 24.06.1	Yes
Operating System	apple	iphone_os	-	No
Operating System	apple	macos	-	No
Application	citrix	secure_access_client	< 24.8.5	Yes
Operating System	linux	linux_kernel	-	No
Application	f5	big-ip_access_policy_manager	≤ 7.2.5	Yes
Application	f5	big-ip_access_policy_manager	≤ 15.1.10	Yes
Application	f5	big-ip_access_policy_manager	≤ 16.1.5	Yes
Application	f5	big-ip_access_policy_manager	≤ 17.1.2	Yes
Application	watchguard	ipsec_mobile_vpn_client	*	Yes
Application	watchguard	ipsec_mobile_vpn_client	*	Yes
Application	watchguard	mobile_vpn_with_ssl	*	Yes
Application	watchguard	mobile_vpn_with_ssl	*	Yes
Application	zscaler	client_connector	< 1.5.1.25	Yes
Application	zscaler	client_connector	< 4.2.0.282	Yes
Application	zscaler	client_connector	< 3.7.0.134	Yes
Application	zscaler	client_connector	-	Yes

• https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ Press/Media Coverage (9119a7d8-5eab-497f-8521-727c672e3725)
• https://bst.cisco.com/quickview/bug/CSCwk05814 Vendor Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://datatracker.ietf.org/doc/html/rfc2131#section-7 Related (9119a7d8-5eab-497f-8521-727c672e3725)
• https://datatracker.ietf.org/doc/html/rfc3442#section-7 Related (9119a7d8-5eab-497f-8521-727c672e3725)
• https://fortiguard.fortinet.com/psirt/FG-IR-24-170 Vendor Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://issuetracker.google.com/issues/263721377 Issue Tracking (9119a7d8-5eab-497f-8521-727c672e3725)
• https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ Press/Media Coverage (9119a7d8-5eab-497f-8521-727c672e3725)
• https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic Issue Tracking (9119a7d8-5eab-497f-8521-727c672e3725)
• https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://my.f5.com/manage/s/article/K000139553 Vendor Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://news.ycombinator.com/item?id=40279632 Issue Tracking (9119a7d8-5eab-497f-8521-727c672e3725)
• https://news.ycombinator.com/item?id=40284111 Issue Tracking (9119a7d8-5eab-497f-8521-727c672e3725)
• https://security.paloaltonetworks.com/CVE-2024-3661 Vendor Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 Vendor Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://tunnelvisionbug.com/ Exploit, Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://www.agwa.name/blog/post/hardening_openvpn_for_def_con Related (9119a7d8-5eab-497f-8521-727c672e3725)
• https://www.leviathansecurity.com/research/tunnelvision Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ Press/Media Coverage (9119a7d8-5eab-497f-8521-727c672e3725)
• https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 Mitigation, Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability Exploit, Third Party Advisory (9119a7d8-5eab-497f-8521-727c672e3725)
• https://arstechnica.com/security/2024/05/novel-attack-against-virtually-all-vpn-apps-neuters-their-entire-purpose/ Exploit, Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
• https://bst.cisco.com/quickview/bug/CSCwk05814 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://datatracker.ietf.org/doc/html/rfc2131#section-7 Related (af854a3a-2127-422b-91ae-364da2661108)
• https://datatracker.ietf.org/doc/html/rfc3442#section-7 Related (af854a3a-2127-422b-91ae-364da2661108)
• https://fortiguard.fortinet.com/psirt/FG-IR-24-170 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://issuetracker.google.com/issues/263721377 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
• https://krebsonsecurity.com/2024/05/why-your-vpn-may-not-be-as-secure-as-it-claims/ Exploit, Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
• https://lowendtalk.com/discussion/188857/a-rogue-dhcp-server-within-your-network-can-and-will-hijack-your-vpn-traffic Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
• https://mullvad.net/en/blog/evaluating-the-impact-of-tunnelvision Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://my.f5.com/manage/s/article/K000139553 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://news.ycombinator.com/item?id=40279632 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
• https://news.ycombinator.com/item?id=40284111 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
• https://security.paloaltonetworks.com/CVE-2024-3661 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://support.citrix.com/article/CTX677069/cloud-software-group-security-advisory-for-cve20243661 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://tunnelvisionbug.com/ Exploit, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://www.agwa.name/blog/post/hardening_openvpn_for_def_con Related (af854a3a-2127-422b-91ae-364da2661108)
• https://www.leviathansecurity.com/research/tunnelvision Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://www.theregister.com/2024/05/07/vpn_tunnelvision_dhcp/ Exploit, Press/Media Coverage (af854a3a-2127-422b-91ae-364da2661108)
• https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00009 Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
• https://www.zscaler.com/blogs/security-research/cve-2024-3661-k-tunnelvision-exposes-vpn-bypass-vulnerability Exploit, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)