Description
The GRE and GRE6 protocols (RFC 2784) do not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This can lead to spoofing, access control bypass, and other unexpected network behaviors. This issue can be considered similar to CVE-2020-10136.
Exploits (1)
Scores
CVSS v3: 6.5
EPSS: 0.0115
EPSS Percentile: 78.5%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: partial
Details
Status: published
Products (2): ietf/generic_routing_encapsulation, ietf/generic_routing_encapsulation6
Published: Feb 05, 2025
Tracked Since: Feb 18, 2026