CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
87.6%
IP Encapsulation within IP (RFC2003 IP-in-IP) can be abused by an unauthenticated attacker to unexpectedly route arbitrary network traffic through a vulnerable device.
IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be encapsulated inside another IP packets. This is very similar to IPSEC VPNs in tunnel mode, except in the case of IP-in-IP, the traffic is unencrypted. As specified, the protocol unwraps the inner IP packet and forwards this packet through IP routing tables, potentially providing unexpected access to network paths available to the vulnerable device. An IP-in-IP device is considered to be vulnerable if it accepts IP-in-IP packets from any source to any destination without explicit configuration between the specified source and destination IP addresses. This unexpected Data Processing Error (CWE-19) by a vulnerable device can be abused to perform reflective DDoS and in certain scenarios used to bypass network access control lists. Because the forwarded network packet may not be inspected or verified by vulnerable devices, there are possibly other unexpected behaviors that can be abused by an attacker on the target device or the target deviceβs network environment.
An unauthenticated attacker can route network traffic through a vulnerable device, which may lead to reflective DDoS, information leak and bypass of network access controls.
The CERT/CC recommends that you apply the latest patch provided by the affected vendor that addresses this issue. Review the vendor information below or contact your vendor or supplier for specific mitigation advice. If a device has the ability to disable IP-in-IP in its configuration, it is recommended that you disable IP-in-IP in all interfaces that do not require this feature. Device manufacturers are urged to disable IP-in-IP in their default configuration and to require their customers to explicitly configure IP-in-IP as and when needed.
Users can block IP-in-IP packets by filtering IP protocol number 4. Note this filtering is for the IPv4 Protocol (or IPv6 Next Header) field value of 4 and not IP protocol version 4 (IPv4).
A proof-of-concept originally written by Yannay Livneh is available in the CERT/CC PoC respository.
This Snort IDS rule looks for any IP-in-IP traffic, whether intentional or not seen at upstream network path of a vulnerable device. This Snort or Suricata rule can be modified to apply filters that ignore sources and destinations that are allowed by policy to route IP-in-IP traffic.
alert ip any any -> any any (msg: "IP-in-IP Tunneling VU#636397 https://kb.cert.org"; ip_proto:4; sid: 1367636397; rev:1;)
Thanks to Yannay Livneh for reporting this issue to us.
This document was written by Vijay Sarvepalli.
636397
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Notified: 2020-03-26 Updated: 2020-06-24 CVE-2020-10136 | Affected |
---|
Please visit Cisco public advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4
Updated: 2020-06-24 CVE-2020-10136 | Affected |
---|
SAROS VERSION 8.1.0.1 (Bootloader 7.67) released on 23 April 2020 fixes this issue.
Updated: 2020-06-24 CVE-2020-10136 | Affected |
---|
We have not received a statement from the vendor.
HP Security Bulletin c06640149 addresses this vulnerability along with others impacting HP Samsung branded printers. https://support.hp.com/us-en/document/c06640149
Updated: 2020-06-24 CVE-2020-10136 | Affected |
---|
We have not received a statement from the vendor.
As of September 12, 2016, HP has acquired and presently owns Samsung printerβs division. Please see HP vendor section for further information. https://investor.hp.com/news/press-release-details/2016/HP-Acquires-Samsung-Printer-Business/default.aspx
Updated: 2020-06-24 CVE-2020-10136 | Affected |
---|
Starting with Treck release 6.0.1.67, configuring a 6over4 tunnel no longer automatically enables IP encapsulation within IP
Please update your Treck embedded TCP/IP software to the version 6.0.1.67 or later to prevent unexpected tunneling behavior in your TCP/IP stack.
Notified: 2020-04-09 Updated: 2020-06-24 CVE-2020-10136 | Not Affected |
---|
Allegro Software does not provide operating systems or network TCP/IP stack. Only webserver software is OEM sold to device manufacturers
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Not Affected |
---|
Aruba Networks has tested products across our range and has not found the vulnerable behavior to be allowed anywhere. To the best of our knowledge no Aruba Network products are affected by this vulnerability.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Not Affected |
---|
Default configurations of illumos, even where packet-forwarding is enabled (see the routeadm(1M) man page), should not be vulnerable to this attack.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Not Affected |
---|
LANCOM Systems products are not vulnerable to these vulnerabilities.
Updated: 2020-06-24 CVE-2020-10136 | Not Affected |
---|
We have surveyed our products and determined we are unaffected by this issue.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Not Affected |
---|
We have not received a statement from the vendor.
Notified: 2020-06-15 Updated: 2020-06-24
Statement Date: June 23, 2020
CVE-2020-10136 | Not Affected |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-08 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-28 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Updated: 2020-09-30 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
Notified: 2020-04-29 Updated: 2020-06-24 CVE-2020-10136 | Unknown |
---|
We have not received a statement from the vendor.
View all 132 vendors __View less vendors __
CVE IDs: | CVE-2020-10136 |
---|---|
Date Public: | 2020-06-01 Date First Published: |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS
Percentile
87.6%