MEDIUM🇵🇱 Wersja polska

CVE-2024-7595

CVSS 6.5v3.1pub. 2025-02-05upd. 2025-11-03

GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.

CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
  • Ietf Generic Routing Encapsulation

    APP
    Ietf
    wszystkie wersje
  • Ietf Generic Routing Encapsulation6

    APP
    Ietf
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2004-2761CRITICAL9.8ten sam vendor

The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attac...

CVE-2023-44487HIGH7.5⚠ KEVten sam vendor

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can ...

CVE-2016-10142HIGH8.6ten sam vendor

An issue was discovered in the IPv6 protocol specification, related to ICMP Packet Too Big (PTB) messages. (Th...

CVE-2015-8960HIGH8.1ten sam vendor

The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, dss_fixed_dh, rsa_fixed_ecdh, and ecdsa_fixed_ecdh...

CVE-2007-2242HIGH7.8ten sam vendor

The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (...