6.3

CVE-2024-6640

EPSS 0.02%
Published 12.08.2024 13:38:39
Last modified 26.11.2024 15:15:35
Source secteam@freebsd.org
Teams watchlist Login
Open Login

In ICMPv6 Neighbor Discovery (ND), the ID is always 0.  When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply.  The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated.

ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table.

Affected products Warnungen 0 Metrics 2 CWE 1 References 5

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

This information is available to logged-in users.

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

VendorFreeBSD

≫

Product FreeBSD

Default Statusunknown

Version < p3

Version 14.1-RELEASE

Status affected

Version < p9

Version 14.0-RELEASE

Status affected

Version < p5

Version 13.3-RELEASE

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.02%	0.022

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0	6.3	2.8	3.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://security.freebsd.org/advisories/FreeBSD-SA-24:05.pf.asc

https://security.netapp.com/advisory/ntap-20240816-0008/

https://nvd.nist.gov/vuln/detail/CVE-2024-6640

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-6640

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-6640

EUVD