CVE-2020-10136

IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic

EPSS 26.5% | CWE-290

In short

The IP-in-IP protocol (RFC 2003) lacks proper validation of packets before processing them, allowing attackers to spoof traffic or bypass security controls by sending specially crafted encapsulated packets over the network.

Technical detail

The IP-in-IP encapsulation mechanism fails to validate source addresses and packet authenticity before decapsulation and routing, enabling remote unauthenticated attackers to perform IP spoofing attacks, circumvent access controls, and inject arbitrary traffic into the network routing path.

Summary generated and translated by AI from the official description.

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
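
The missing validation described above can be pictured as a check that runs before any decapsulation. The following is an added example, not code from the CVE record or from any vendor: the function names, the tunnel-peer allowlist and the expected inner prefix are assumptions chosen for illustration, and the sample packets are constructed.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 (RFC 2003)

# Assumed policy for this example (RFC 5737 documentation addresses):
# one configured tunnel peer, and the prefix it is expected to carry.
TUNNEL_PEERS = {ipaddress.ip_address("192.0.2.10")}
INNER_ALLOWED = ipaddress.ip_network("198.51.100.0/24")


def parse_ipv4(buf):
    """Return (header_len, protocol, src, dst), or None if the header is unusable."""
    if len(buf) < 20:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if buf[0] >> 4 != 4 or ihl < 20 or len(buf) < ihl:
        return None
    src = ipaddress.ip_address(bytes(buf[12:16]))
    dst = ipaddress.ip_address(bytes(buf[16:20]))
    return ihl, buf[9], src, dst


def decap_verdict(packet):
    """Decide what to do with a received packet before any decapsulation."""
    outer = parse_ipv4(packet)
    if outer is None:
        return "drop: malformed outer header"
    ihl, proto, outer_src, _ = outer
    if proto != IPPROTO_IPIP:
        return "pass: not IP-in-IP"
    # An address match is a filter, not authentication of the sender.
    if outer_src not in TUNNEL_PEERS:
        return "drop: outer source is not a configured tunnel peer"
    inner = parse_ipv4(packet[ihl:])
    if inner is None:
        return "drop: malformed inner header"
    if inner[2] not in INNER_ALLOWED:
        return "drop: inner source outside the prefix expected from this peer"
    return "decapsulate"


def build_header(src, dst, proto, payload=b""):
    """Constructed sample input: 20-byte IPv4 header (checksum 0) plus payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.ip_address(src).packed,
                       ipaddress.ip_address(dst).packed) + payload
```

A device with no configured IP-in-IP tunnel would have an empty `TUNNEL_PEERS` set, so every protocol 4 packet is dropped before its inner header is ever read.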
