CVE-2023-48957

Published: Aug 25, 2024Modified: Mar 14, 2025

5.3

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.

Affected (1)

Products: Purevpn: Purevpn

Purevpn

1 product

Purevpn

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Purevpn Purevpn	Version 2.0.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (2)

https://latesthackingnews.com/2023/11/13/multiple-vulnerabilities-found-in-purevpn-one-remains-unpatched/

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.rafaybaloch.com/2023/11/Multiple%20Critical-Vulnerabilities-in-PureVPN.html?m=1

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.