CVE-2024-7595

MEDIUM EPSS 70.8%

Published Feb 5, 20251y ago · Modified Jun 17, 20261w ago

6.5 CVSS 3.1

Medium

Published Feb 5, 2025 1y ago

Last Modified Jun 17, 2026 1w ago

Description

GRE and GRE6 Protocols (RFC2784) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.

CVSS Details

Base Score

6.5

Exploitability

2.2

Impact

3.7

Vector string

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

Attack Vector Network

Attack Complexity High

Privileges Required None

User Interaction None

Scope Changed

Confidentiality Low

Integrity Low

Availability Low

Threat Intelligence

EPSS Exploit Probability

70.8% percentile

Exploit & Patch Status

No Known Exploit

No Patch Available

Affected Products 2

Vendor	Product	Version	Range
ietf	generic_routing_encapsulation	*	any
ietf	generic_routing_encapsulation6	*	any

References 3

datatracker.ietf.org https://datatracker.ietf.org/doc/html/rfc2784

Technical DescriptionRelated
kb.cert.org https://www.kb.cert.org/vuls/id/199397
rfc-editor.org https://www.rfc-editor.org/rfc/rfc6169.html

Technical DescriptionRelated

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.