Network Packet Spoofing Vulnerability in Generic UDP Encapsulation by IETF
CVE-2024-7596

6.5MEDIUM

Key Information:

Vendor: Ietf
Status: Draft-ietf-intarea-gue-09
Vendor: CVE Published:; 5 February 2025

Summary

The Generic UDP Encapsulation (GUE) draft specification proposed by IETF has been identified with a vulnerability that allows an attacker to spoof the source of network packets. Due to a lack of validation and verification of incoming network packets, malicious actors can redirect arbitrary traffic through exposed network interfaces. This flaw can lead to significant security risks, including unauthorized access and unexpected behaviors in network administration. For additional insights into the vulnerability, refer to the official IETF draft and the RFC documentation.

Affected Version(s)

draft-ietf-intarea-gue-09 GUE-09

References

https://datatracker.ietf.org/doc/draft-ietf-intarea-gue/

https://www.rfc-editor.org/rfc/rfc6169.html

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 5, 2025
Vulnerability Reserved
Aug 7, 2024