CVE-2020-10136

Summary

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

Affected Software

VendorProductVersion RangeStatus
IETFRFC2003 - IP Encapsulation within IPSTD 1affected

Weaknesses

  • CWE-290: CWE-290 Authentication Bypass by Spoofing

Workarounds

Users can block IP-in-IP packets by filtering IP protocol number 4. Note this filtering is for the IPv4 Protocol (or IPv6 Next Header) field value of 4 and not IP protocol version 4 (IPv4).

ADP Enrichment

CVE Program Container

Additional References

References