CVE-2024-7596
Last modified
CVE-2024-7596 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.. EPSS estimates a 0.81% chance of exploitation in the next 30 days.
Description
Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Ietf | Generic Udp Encapsulation | All versions |
References
- https://datatracker.ietf.org/doc/draft-ietf-intarea-gue/Technical Description, Related
- https://www.rfc-editor.org/rfc/rfc6169.htmlTechnical Description, Related
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-7596?
How severe is CVE-2024-7596?
How do I fix CVE-2024-7596?
Are you affected by CVE-2024-7596?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST