A vulnerability related to the IP-in-IP tunneling protocol that can be exploited for denial-of-service (DoS) attacks and to bypass security controls has been found to impact devices from Cisco and other vendors.
“An unauthenticated attacker can route network traffic through a vulnerable device, which may lead to reflective DDoS, information leak and bypass of network access controls,” the CERT Coordination Center (CERT/CC) said in an advisory published on Tuesday.
Cisco has released security updates to address the vulnerability in its NX-OS software. Tracked as CVE-2020-10136 and assigned a CVSS score of 8.6, the flaw sits in the software's network stack and can be exploited by a remote, unauthenticated attacker.
An attacker able to successfully exploit the issue could bypass certain security boundaries or cause a DoS condition, the company warns.
“The vulnerability is due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An attacker could exploit this vulnerability by sending a crafted IP in IP packet to an affected device,” Cisco explains in an advisory.
An attacker could cause the impacted device to decapsulate the IP-in-IP packet and then forward the inner IP packet. Because the outer header is addressed to the device itself, the inner packet's real source and destination are what reach the network, allowing traffic to bypass input access control lists (ACLs) on the device or other security boundaries behind it.
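To make the bypass concrete, the following is an added example (not code from the article, from Cisco, or from CERT/CC) that builds a raw IP-in-IP packet and models two devices: one that applies its input ACL to the outer header only and then decapsulates and forwards the inner packet, and a hardened one that decapsulates only from configured tunnel peers and re-evaluates the ACL on the inner packet. The addresses, the ACL policy, and the helper names are all constructed for the illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IP-in-IP encapsulation, RFC 2003
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header (0 when the stored checksum is valid)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal 20-byte IPv4 header (no options) followed by payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(buf: bytes) -> dict:
    """Parse an IPv4 header, verify the checksum, and return fields plus payload."""
    if len(buf) < 20:
        raise ValueError("short packet")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", buf[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or ihl > len(buf) or total_len > len(buf):
        raise ValueError("malformed IPv4 header")
    if ipv4_checksum(buf[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": proto, "ttl": ttl, "payload": buf[ihl:total_len]}


def input_acl_permits(pkt: dict) -> bool:
    """Constructed input ACL: deny packets from outside the site to the internal
    10.0.0.0/8 network, permit everything else (including traffic to the device itself)."""
    internal = ipaddress.IPv4Network("10.0.0.0/8")
    src, dst = ipaddress.IPv4Address(pkt["src"]), ipaddress.IPv4Address(pkt["dst"])
    return not (dst in internal and src not in internal)


def vulnerable_device(wire: bytes, local_addrs: set) -> dict:
    """Models the flaw: the ACL sees only the outer header, and any IP-in-IP packet
    addressed to a local interface is decapsulated and its inner packet forwarded."""
    outer = parse_ipv4(wire)
    if not input_acl_permits(outer):
        return {"action": "drop", "reason": "outer denied by ACL"}
    if outer["proto"] == IPPROTO_IPIP and outer["dst"] in local_addrs:
        inner = parse_ipv4(outer["payload"])
        return {"action": "forward", "src": inner["src"], "dst": inner["dst"], "via": "decapsulated"}
    return {"action": "forward", "src": outer["src"], "dst": outer["dst"], "via": "routed"}


def hardened_device(wire: bytes, local_addrs: set, tunnel_peers: set) -> dict:
    """Assumed mitigation: decapsulate only from configured tunnel peers and
    re-apply the input ACL to the inner packet before forwarding it."""
    outer = parse_ipv4(wire)
    if not input_acl_permits(outer):
        return {"action": "drop", "reason": "outer denied by ACL"}
    if outer["proto"] == IPPROTO_IPIP:
        if outer["dst"] not in local_addrs or outer["src"] not in tunnel_peers:
            return {"action": "drop", "reason": "unsolicited IP-in-IP"}
        inner = parse_ipv4(outer["payload"])
        if not input_acl_permits(inner):
            return {"action": "drop", "reason": "inner denied by ACL"}
        return {"action": "forward", "src": inner["src"], "dst": inner["dst"], "via": "decapsulated"}
    return {"action": "forward", "src": outer["src"], "dst": outer["dst"], "via": "routed"}


# Constructed scenario: an external attacker wraps a packet for an internal host
# inside an IP-in-IP packet addressed to the device's own interface address.
ATTACKER, DEVICE, INTERNAL_HOST = "203.0.113.7", "198.51.100.1", "10.0.0.5"
LOCAL_ADDRS, TUNNEL_PEERS = {DEVICE}, {"192.0.2.10"}


def attack_packet() -> bytes:
    inner = build_ipv4(ATTACKER, INTERNAL_HOST, IPPROTO_UDP, b"probe")
    return build_ipv4(ATTACKER, DEVICE, IPPROTO_IPIP, inner)


if __name__ == "__main__":
    direct = build_ipv4(ATTACKER, INTERNAL_HOST, IPPROTO_UDP, b"probe")
    print("direct, vulnerable :", vulnerable_device(direct, LOCAL_ADDRS))
    print("tunneled, vulnerable:", vulnerable_device(attack_packet(), LOCAL_ADDRS))
    print("tunneled, hardened  :", hardened_device(attack_packet(), LOCAL_ADDRS, TUNNEL_PEERS))
```

The direct packet is dropped by the ACL on both models, but the same inner packet wrapped in IP-in-IP and addressed to the device clears the ACL on the outer header and is forwarded to the internal host by the vulnerable model; the hardened model drops it because the attacker is not a configured tunnel peer, and would also drop it on the inner-header ACL check if it were.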
“Under certain conditions, an exploit could cause the network stack process to crash and restart multiple times, leading to a reload of the affected device and a DoS condition,” Cisco also explains.