{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"generator": {
"engine": "Vulnogram 0.0.9"
},
"CVE_data_meta": {
"ID": "CVE-2020-10136",
"ASSIGNER": "cert@cert.org",
"DATE_PUBLIC": "2020-06-01T00:00:00.000Z",
"TITLE": "Decapsulation and routing of unidentified IP-in-IP traffic allows a remote, unauthenticated attacker to route arbitrary network traffic",
"AKA": "",
"STATE": "PUBLIC"
},
"source": {
"defect": [
"VU#636397"
],
"advisory": "VU#636397",
"discovery": "EXTERNAL"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "IETF",
"product": {
"product_data": [
{
"product_name": "RFC2003 - IP Encapsulation within IP",
"version": {
"version_data": [
{
"version_name": "STD 1",
"version_affected": "=",
"version_value": "STD 1",
"platform": ""
}
]
}
}
]
}
}
]
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-19 Data Processing Errors"
}
]
}
]
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple products that implement the IP Encapsulation within IP standard (RFC 2003, STD 1) decapsulate and route IP-in-IP traffic without any validation, which could allow an unauthenticated remote attacker to route arbitrary traffic via an exposed network interface and lead to spoofing, access control bypass, and other unexpected network behaviors."
}
]
},
"references": {
"reference_data": [
{
"refsource": "CERT-VN",
"url": "https://kb.cert.org/vuls/id/636397/",
"name": "VU#636397"
},
{
"refsource": "MISC",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4",
"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4"
},
{
"refsource": "MISC",
"url": "https://www.digi.com/resources/security",
"name": "https://www.digi.com/resources/security"
},
{
"refsource": "CERT-VN",
"name": "VU#636397",
"url": "https://www.kb.cert.org/vuls/id/636397"
}
]
},
"configuration": [],
"impact": {
"cvss": {
"version": "3.1",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
},
"exploit": [],
"work_around": [
{
"lang": "eng",
"value": "Users can block IP-in-IP packets by filtering IP protocol number 4. Note this filtering is for the IPv4 Protocol (or IPv6 Next Header) field value of 4 and not IP protocol version 4 (IPv4)."
}
],
"solution": [
{
"lang": "eng",
"value": "Customers should apply the latest patch provided by the affected vendor that addresses this issue and prevents unspecified IP-in-IP packets from being processed. Device manufacturers are urged to disable IP-in-IP in their default configuration and require their customers to explicitly configure IP-in-IP as and when needed."
}
],
"credit": [
{
"lang": "eng",
"value": "Thanks to Yannay Livneh for reporting this issue."
}
]
} |