CVE-2020-10136
N/A
N/A
Summary
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| IETF | RFC2003 - IP Encapsulation within IP | STD 1 | affected |
Weaknesses
- CWE-290: CWE-290 Authentication Bypass by Spoofing
Workarounds
Users can block IP-in-IP packets by filtering IP protocol number 4. Note this filtering is for the IPv4 Protocol (or IPv6 Next Header) field value of 4 and not IP protocol version 4 (IPv4).
ADP Enrichment
CVE Program Container
Additional References
- https://kb.cert.org/vuls/id/636397/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4
- https://www.digi.com/resources/security
- https://www.kb.cert.org/vuls/id/636397
- https://datatracker.ietf.org/doc/html/rfc6169
- https://www.kb.cert.org/vuls/id/199397
References
- https://kb.cert.org/vuls/id/636397/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4
- https://www.digi.com/resources/security
- https://www.kb.cert.org/vuls/id/636397
- https://datatracker.ietf.org/doc/html/rfc6169
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.