PT-2025-1235 · Gre6+1

Published: 2025-01-15 · Updated: 2025-02-05 · CVE-2024-7595

CVSS v2.0: 6.6 (Medium)

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:C

Name of the Vulnerable Software and Affected Versions

GRE and GRE6 protocols (RFC2784) (affected versions not specified)

Description

The GRE and GRE6 protocols do not validate or verify the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This can lead to spoofing, access control bypass, and other unexpected network behaviors. It is estimated that over 4 million systems, including VPN servers and home routers, are affected. The issue can be exploited by sending specially crafted packets to vulnerable hosts, leading to anonymous attacks, DoS attacks, DNS spoofing, and access to internal networks and IoT devices.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
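
A defensive check for the missing source validation described above, as an added example that is not part of the original advisory: it parses an IPv4 packet carrying GRE (IP protocol 47, header layout per RFC 2784) and classifies it by whether the outer source is a configured tunnel peer. The peer allowlist, the function names and the sample packets are assumptions constructed for illustration; GRE6 (IPv6 outer header) is not covered.

```python
import ipaddress
import struct

GRE_PROTO = 47  # IANA IP protocol number for GRE

# Assumption: the tunnel peers this host is actually configured to talk to.
ALLOWED_PEERS = {ipaddress.ip_address("192.0.2.10")}


def parse_gre_over_ipv4(packet: bytes):
    """Return (outer_src, gre_version, inner_ethertype), or None if not GRE over IPv4."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or packet[9] != GRE_PROTO or len(packet) < ihl + 4:
        return None
    src = ipaddress.ip_address(packet[12:16])
    # First 16 bits: C flag, Reserved0, 3-bit version; next 16 bits: protocol type.
    flags_ver, proto_type = struct.unpack("!HH", packet[ihl:ihl + 4])
    return src, flags_ver & 0x7, proto_type


def classify(packet: bytes, allowed=ALLOWED_PEERS) -> str:
    parsed = parse_gre_over_ipv4(packet)
    if parsed is None:
        return "not-gre"
    src, version, _ = parsed
    if version != 0:
        return "unexpected-version"  # RFC 2784 requires the version field to be 0
    if src not in allowed:
        return "unknown-peer"  # GRE itself would decapsulate this without any check
    return "expected-peer"


def build_sample(src: str, dst: str, gre_version: int = 0) -> bytes:
    """Constructed sample: IPv4 header (checksum left 0) + GRE header + dummy payload."""
    gre = struct.pack("!HH", gre_version, 0x0800)  # inner protocol type: IPv4
    payload = b"\x00" * 20
    total = 20 + len(gre) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, GRE_PROTO, 0,
                     ipaddress.ip_address(src).packed,
                     ipaddress.ip_address(dst).packed)
    return ip + gre + payload
```

The outer source address is itself unauthenticated, so a peer allowlist narrows which hosts can reach the tunnel endpoint but does not authenticate the sender.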

Weakness Enumeration

Related Identifiers

BDU:2025-00615
CVE-2024-7595

Affected Products

Gre
Gre6