IP-in-IP Vulnerability Affects Devices From Cisco and Others

silversurfer

A vulnerability related to the IP-in-IP tunneling protocol that can be exploited for denial-of-service (DoS) attacks and to bypass security controls has been found to impact devices from Cisco and other vendors.

“An unauthenticated attacker can route network traffic through a vulnerable device, which may lead to reflective DDoS, information leak and bypass of network access controls,” the CERT Coordination Center (CERT/CC) said in an advisory published on Tuesday.

Cisco has released security updates to address the vulnerability in its NX-OS software. Tracked as CVE-2020-10136 and featuring a CVSS score of 8.6, the security flaw was identified in the network stack of the software and it can be exploited by a remote attacker, without authentication.

An attacker able to successfully exploit the issue could bypass certain security boundaries or cause a DoS condition, the company warns.

“The vulnerability is due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An attacker could exploit this vulnerability by sending a crafted IP in IP packet to an affected device,” Cisco explains in an advisory.

An attacker could cause the impacted device to decapsulate the IP-in-IP packet and then forward the inner IP packet, thus causing IP packets to bypass input access control lists (ACLs) on the device or other security boundaries on the network.

“Under certain conditions, an exploit could cause the network stack process to crash and restart multiple times, leading to a reload of the affected device and a DoS condition,” Cisco also explains.
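
The condition Cisco describes, an IP-in-IP packet addressed to one of the device's own IP addresses, can be looked for in captured traffic. The check below is an added example, not part of the original post or of Cisco's advisory; the local address set, the tunnel-peer allowlist and the sample packets are constructed assumptions.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation (RFC 2003)

def parse_ipv4(buf):
    """Return (src, dst, proto, payload), or None if buf is not a sane IPv4 packet."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    total = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total < ihl or len(buf) < total:
        return None
    src, dst = ipaddress.IPv4Address(buf[12:16]), ipaddress.IPv4Address(buf[16:20])
    return src, dst, buf[9], buf[ihl:total]

def check_packet(buf, local_addrs, tunnel_peers=()):
    """Return an alert dict for unexpected IP-in-IP sent to the device, else None."""
    outer = parse_ipv4(buf)
    if outer is None or outer[2] != IPPROTO_IPIP:
        return None
    src, dst, _, payload = outer
    if str(dst) not in local_addrs or str(src) in tunnel_peers:
        return None  # not addressed to this device, or a configured tunnel peer
    inner = parse_ipv4(payload)
    return {
        "outer_src": str(src), "outer_dst": str(dst),
        # Inner addresses show where the packet would go once decapsulated.
        "inner_src": str(inner[0]) if inner else None,
        "inner_dst": str(inner[1]) if inner else None,
    }

def build_ipv4(src, dst, proto, payload=b""):
    """Constructed test packet: 20-byte header, checksum left at zero."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload

# Constructed sample data (documentation address ranges, RFC 5737).
LOCAL = {"192.0.2.1"}  # assumed: addresses configured on the device
INNER = build_ipv4("198.51.100.7", "203.0.113.20", 17, b"\x00" * 8)
SAMPLES = [
    build_ipv4("198.51.100.7", "192.0.2.1", IPPROTO_IPIP, INNER),   # IP-in-IP to device
    build_ipv4("198.51.100.7", "192.0.2.1", 6, b"\x00" * 20),       # plain TCP to device
    build_ipv4("198.51.100.7", "192.0.2.99", IPPROTO_IPIP, INNER),  # IP-in-IP in transit
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(check_packet(pkt, LOCAL))
```

Only the first sample raises an alert; listing a legitimate tunnel endpoint in `tunnel_peers` suppresses alerts for configured tunnels.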
 
