- Description
- Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic via an exposed network interface that can lead to spoofing, access control bypass, and other unexpected network behaviors. This can be considered similar to CVE-2020-10136.
- Source
- cret@cert.org
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.7
- Exploitability score
- 2.2
- Vector string
- CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
- Severity
- MEDIUM
- Hype score
- Not currently trending
CVE-2024-7596 Generic UDP Encapsulation (GUE) Vulnerability Enables Arbitrary Network Traffic Spoofing https://t.co/MAyyqGya6X
@VulmonFeeds
6 Feb 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-7596 Proposed Generic UDP Encapsulation (GUE) (IETF Draft) do not validate or verify the source of a network packet allowing an attacker to spoof and route arbitrary traffic… https://t.co/h0HNrakjZh
@CVEnew
5 Feb 2025
144 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ICYMI—the SEI's CERT Division released a vulnerability note: insecure implementation of tunneling protocols (GRE/IPIP/4in6/6in4). (CVE-2020-10136, CVE-2024-7595, CVE-2024-7596, CVE-2025-23018, and CVE-2025-23019) https://t.co/yKpfXOEaVX https://t.co/onq3OwwNde
@SEI_CMU
22 Jan 2025
151 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ietf:generic_udp_encapsulation:-:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6F21F2CB-F6FF-47F1-ABEF-0AA0D883B8C1"
}
],
"operator": "OR"
}
]
}
]