GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors.
This can be considered similar to CVE-2020-10136.
References
Link | Resource |
---|---|
https://datatracker.ietf.org/doc/html/rfc2784 | Technical Description Related |
https://www.rfc-editor.org/rfc/rfc6169.html | Technical Description Related |
Configurations
Configuration 1 (hide)
|
History
06 Feb 2025, 18:14
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:ietf:generic_routing_encapsulation6:-:*:*:*:*:*:*:* cpe:2.3:a:ietf:generic_routing_encapsulation:-:*:*:*:*:*:*:* |
|
References | () https://datatracker.ietf.org/doc/html/rfc2784 - Technical Description, Related | |
References | () https://www.rfc-editor.org/rfc/rfc6169.html - Technical Description, Related | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
First Time |
Ietf generic Routing Encapsulation6
Ietf generic Routing Encapsulation Ietf |
06 Feb 2025, 15:56
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
05 Feb 2025, 18:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-02-05 18:15
Updated : 2025-02-06 22:15
NVD link : CVE-2024-7595
Mitre link : CVE-2024-7595
CVE.ORG link : CVE-2024-7595
JSON object : View
Products Affected
ietf
- generic_routing_encapsulation6
- generic_routing_encapsulation
CWE