The IP-in-IP protocol, specified by the IP Encapsulation within IP standard (RFC 2003, STD 1), is vulnerable to spoofing, access-control bypass and other unexpected behavior in devices that decapsulate and route IP-in-IP traffic, due to the lack of validation to verify network packets before decapsulation and routing.
Fixes

Solution

Customers should apply the latest patch provided by the affected vendor that addresses this issue and prevents unspecified IP-in-IP packets from being processed. Device manufacturers are urged to disable IP-in-IP in their default configuration and require their customers to explicitly configure IP-in-IP as and when needed.


Workaround

Users can block IP-in-IP packets by filtering IP protocol number 4. Note that this filter matches the IPv4 Protocol (or IPv6 Next Header) field value of 4, not IP protocol version 4 (IPv4).
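The distinction in the workaround, as an added example that is not part of the advisory: a classifier that reads the IPv4 Protocol field or the IPv6 Next Header field rather than the version nibble. It goes slightly beyond the text by walking IPv6 extension headers before checking for the value 4; the function names and sample packets are constructed for illustration.

```python
import struct

IPIP = 4                    # Protocol / Next Header value for encapsulated IPv4
EXT_HEADERS = {0, 43, 60}   # IPv6 hop-by-hop, routing, destination options
FRAGMENT = 44               # IPv6 fragment header (fixed 8 bytes)

def is_ip_in_ip(pkt: bytes) -> bool:
    """True if the outer IP header says its payload is an IPv4 packet."""
    if not pkt:
        return False
    version = pkt[0] >> 4           # IP version: NOT the field to filter on
    if version == 4:
        return len(pkt) >= 20 and pkt[9] == IPIP    # IPv4 Protocol field
    if version != 6 or len(pkt) < 40:
        return False
    nxt, off = pkt[6], 40           # IPv6 Next Header field, end of fixed header
    while nxt in EXT_HEADERS or nxt == FRAGMENT:
        if len(pkt) < off + 8:
            return False            # truncated extension header
        size = 8 if nxt == FRAGMENT else (pkt[off + 1] + 1) * 8
        nxt, off = pkt[off], off + size
    return nxt == IPIP

# Constructed sample packets (documentation addresses, no real traffic).
def sample_ipv4(proto: int) -> bytes:
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def sample_ipv6(next_header: int, payload: bytes = b"") -> bytes:
    addr = bytes.fromhex("20010db8") + bytes(12)
    return struct.pack("!IHBB16s16s", 0x60000000, len(payload),
                       next_header, 64, addr, addr) + payload

# Destination-options header: next header 4, length 0, PadN option filling 6 bytes
DEST_OPTS_THEN_IPIP = bytes([IPIP, 0, 1, 4, 0, 0, 0, 0])

if __name__ == "__main__":
    for name, pkt in [("IPv4 carrying TCP", sample_ipv4(6)),
                      ("IPv4 carrying IP-in-IP", sample_ipv4(4)),
                      ("IPv6 carrying IP-in-IP", sample_ipv6(4)),
                      ("IPv6 + dest opts + IP-in-IP",
                       sample_ipv6(60, DEST_OPTS_THEN_IPIP))]:
        print(f"{name}: {'block' if is_ip_in_ip(pkt) else 'pass'}")
```

Ordinary IPv4 traffic (version 4, Protocol 6 for TCP) passes, while any outer header whose Protocol or final Next Header is 4 is flagged.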

History

No history.

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2024-09-17T00:56:11.850Z

Reserved: 2020-03-05T00:00:00

Link: CVE-2020-10136

Vulnrichment

No data.

NVD

Status: Modified

Published: 2020-06-02T09:15:09.967

Modified: 2024-11-21T04:54:53.377

Link: CVE-2020-10136

Redhat

Severity: Moderate

Public Date: 2020-06-09T14:00:00Z

Links: CVE-2020-10136 - Bugzilla

OpenCVE Enrichment

No data.