CVE-2020-10136

high-risk

Published 2020-06-02

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

Do I need to act?

16.0% chance of exploitation in next 30 days

EPSS score — higher than 84% of all CVEs

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 5.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Nx-Os

Affected Vendors

Hp Cisco Digi Treck

References (11)

https://datatracker.ietf.org/doc/html/rfc6169

Third Party Advisory https://kb.cert.org/vuls/id/636397/

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n...

Third Party Advisory https://www.digi.com/resources/security

Third Party Advisory https://www.kb.cert.org/vuls/id/636397

https://datatracker.ietf.org/doc/html/rfc6169

Third Party Advisory https://kb.cert.org/vuls/id/636397/

Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-n...

Third Party Advisory https://www.digi.com/resources/security

https://www.kb.cert.org/vuls/id/199397

Third Party Advisory https://www.kb.cert.org/vuls/id/636397

/ 100

high-risk

Severity 21/34 · High

Exploitability 13/34 · Low

Exposure 33/34 · Critical