CVE-2024-7595
Last modified
CVE-2024-7595 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.. EPSS estimates a 1.49% chance of exploitation in the next 30 days.
Description
GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ietf | Generic Routing Encapsulation | All versions |
| Ietf | Generic Routing Encapsulation6 | All versions |
References
- https://datatracker.ietf.org/doc/html/rfc2784Technical Description, Related
- https://www.rfc-editor.org/rfc/rfc6169.htmlTechnical Description, Related
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-7595?
How severe is CVE-2024-7595?
How do I fix CVE-2024-7595?
Are you affected by CVE-2024-7595?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST