How severe is CVE-2024-6640?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.3 out of 10.

What type of vulnerability is CVE-2024-6640?

This is classified as CWE-276, which is a common weakness in software security.

CVE-2024-6640 - MEDIUM Severity | CVSS 6.3

Vulnerability Description

In ICMPv6 Neighbor Discovery (ND), the ID is always 0. When pf is configured to allow ND and block incoming Echo Requests, a crafted Echo Request packet after a Neighbor Solicitation (NS) can trigger an Echo Reply. The packet has to come from the same host as the NS and have a zero as identifier to match the state created by the Neighbor Discovery and allow replies to be generated. ICMPv6 packets with identifier value of zero bypass firewall rules written on the assumption that the incoming packets are going to create a state in the state table.

Related Vulnerabilities

CVE-2020-12075

MEDIUM

CVSS:6.3(Medium)

The data-tables-generator-by-supsystic plugin before 1.9.92 for WordPress lacks capability checks for AJAX actions.

CWE-2762020

CVE-2021-33333

MEDIUM

CVSS:6.3(Medium)

The Portal Workflow module in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 93, 7.1 before fix pack 19 and 7.2 before fix pack 6, does not properly check user permission, which...

CWE-2762021

CVE-2021-3948

MEDIUM

CVSS:6.3(Medium)

An incorrect default permissions vulnerability was found in the mig-controller. Due to an incorrect cluster namespaces handling an attacker may be able to migrate a malicious workload to the target cl...

CWE-2762021

CVE-2022-31251

MEDIUM

CVSS:6.3(Medium)

A Incorrect Default Permissions vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. This issue affect...

CWE-2762022

CVE-2024-47240

MEDIUM

CVSS:6.3(Medium)

Dell Secure Connect Gateway (SCG) 5.24 contains an Incorrect Default Permissions vulnerability. A local attacker with low privileges can access the file system and could potentially exploit this vulne...

CWE-2762024

CVE-2012-5578

MEDIUM

CVSS:6.2(Medium)

Python keyring has insecure permissions on new databases allowing world-readable files to be created

CWE-2762012