CVE-2020-10136Authentication Bypass by Spoofing in Rfc2003 IP Encapsulation Within IP

CWE-290Authentication Bypass by SpoofingCWE-284Improper Access ControlCWE-200Sensitive Information ExposureCWE-19CWE-348Use of Less Trusted Source11 documents8 sources
Severity
5.3MEDIUMNVD
EPSS
16.0%
top 5.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Digi SarosHP X3220nr FirmwareTreck TCP IP+4 more
Timeline
PublishedJun 2
Latest updateJan 14

Description

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages7 packages

NVDdigi/saros< 8.1.0.1
NVDtreck/tcp_ip< 6.0.1.67
NVDhp/x3220nr_firmware< 3.00.11.08
CVEListV5ietf/ipv66

🔴Vulnerability Details

2
GHSA
GHSA-8gxc-83hw-9578: Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validati2022-05-24
CVEList
IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic2020-06-02

📋Vendor Advisories

5
Red Hat
networkmanager: GRE & GRE6 protocol excessive trust2025-01-14
Red Hat
networkmanager: 4in6 and 6in6 protocols excessive trust2025-01-14
Red Hat
networkmanager: UDP encapsulation protocol excessive trust2025-01-14
Red Hat
kernel: IP-in-IP protocol routes arbitrary traffic by default2020-06-09
Cisco
Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability2020-06-01

💬Community

2
HackerOne
IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-101362021-08-15
Bugzilla
CVE-2020-10136 kernel: IP-in-IP protocol routes arbitrary traffic by default2020-04-29
CVE-2020-10136 — Authentication Bypass by Spoofing | cvebase