Lucene search
K

6 matches found

Tenable Nessus
Tenable Nessus
added 2023/07/25 12:0 a.m.42 views

Cisco NX-OS Software Unexpected IP in IP Packet Processing (CVE-2020-10136)

Multiple products that implement the IP Encapsulation within IP standard RFC 2003, STD 1 decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access...

5.3CVSS6.1AI score0.26458EPSS
Exploits0References5
Hacker One
Hacker One
added 2020/06/08 3:56 p.m.51 views

Internet Bug Bounty: IP-in-IP protocol routes arbitrary traffic by default - CVE-2020-10136

Many machines 150K-180K on the internet accept and route IP over IP by default. IP-in-IP encapsulation is a tunneling protocol specified in RFC 2003 that allows for IP packets to be encapsulated inside another IP packets. This is very similar to IPSEC VPNs in tunnel mode, except in the case of...

5CVSS5.6AI score0.26458EPSS
Exploits0
Circl
Circl
added 2020/06/03 4:0 a.m.11 views

CVE-2020-10136

creationtimestamp| type| source ---|---|--- 2020-06-03 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=482 2020-06-03 12:39:40+00:00| seen| https://www.kyberturvallisuuskeskus.fi/fi/ip-ip-protokollan-toteutuksissa-haavoittuvuuksia 2020-06-03 14:30:02+00:00| seen|...

5.3CVSS6.3AI score0.26458EPSS
Exploits0References12
ThreatPost
ThreatPost
added 2020/06/02 4:16 p.m.297 views

Severe Cisco DoS Flaw Can Cripple Nexus Switches

Cisco has patched a high-severity flaw in its NX-OS software, the network operating system used by Cisco’s Nexus-series Ethernet switches. If exploited, the vulnerability could allow an unauthenticated, remote attacker to bypass the input access control lists ACLs configured on affected Nexus...

5CVSS0.26869EPSS
Exploits1References12
Cvelist
Cvelist
added 2020/06/02 8:35 a.m.46 views

CVE-2020-10136 IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic

IP-in-IP protocol specifies IP Encapsulation within IP standard RFC 2003, STD 1 that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing...

5.4AI score0.26458EPSS
Exploits0References5
CVE
CVE
added 2020/06/02 8:35 a.m.171 views

CVE-2020-10136

CVE-2020-10136 concerns the IP Encapsulation within IP (IPIP) decapsulation path that decapsulates and routes IP-in-IP traffic without validation of the source network packets, enabling spoofing and potential access-control bypass and other unexpected behavior. The NVD entry assigns a MEDIUM seve...

5.3CVSS5.2AI score0.26458EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder