CVE-2023-48957

low-risk

Published 2024-08-25

PureVPN Linux client 2.0.2-Productions fails to properly handle DNS queries, allowing them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Purevpn

Affected Vendors

Purevpn

References (2)

Exploit https://latesthackingnews.com/2023/11/13/multiple-vulnerabilities-found-in-purev...

Exploit https://www.rafaybaloch.com/2023/11/Multiple%20Critical-Vulnerabilities-in-PureV...

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal