PT-2020-3057 · Cisco · Cisco Nx-Os+1

Yannay Livneh · Published 2020-06-01 · Updated 2025-11-03 · CVE-2020-10136

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions

Cisco NX-OS Software (affected versions not specified)

Description

The issue is in the handling of the IP-in-IP protocol, which is open to spoofing and access-control bypass because network packets are not validated before decapsulation and routing. An unauthenticated, remote attacker could bypass certain security boundaries or cause a denial of service (DoS) condition on an affected device. The vulnerability can be exploited by sending a crafted IP-in-IP packet to an affected device, which may unexpectedly decapsulate the packet and forward the inner IP packet, bypassing input access control lists (ACLs) or other security boundaries. Under certain conditions, an exploit could cause the network stack process to crash and restart multiple times, leading to a reload of the affected device and a DoS condition.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
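
The validation the description says is missing can be expressed as a check made before decapsulation. The sketch below is an added example, not code from the advisory or from Cisco. The allowlist of tunnel peers, the function names and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation


def parse_ipv4(buf):
    """Return (proto, src, dst, payload), or None if the header is malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(buf):
        return None
    src = ipaddress.IPv4Address(buf[12:16])
    dst = ipaddress.IPv4Address(buf[16:20])
    return buf[9], src, dst, buf[ihl:total_len]


def classify(packet, tunnel_peers):
    """Decide what to do with one received packet.

    tunnel_peers is the set of outer source addresses explicitly configured
    as IP-in-IP endpoints (an assumed policy, not a vendor feature).
    """
    outer = parse_ipv4(packet)
    if outer is None:
        return "drop: malformed outer header"
    proto, src, _dst, payload = outer
    if proto != IPPROTO_IPIP:
        return "pass: not IP-in-IP"
    if src not in tunnel_peers:
        return f"drop: IP-in-IP from unconfigured peer {src}"
    inner = parse_ipv4(payload)
    if inner is None:  # truncated or inconsistent inner packet
        return "drop: malformed inner header"
    return f"decapsulate: inner {inner[1]} -> {inner[2]}"


def build_ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet for the samples (checksum left at zero)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed) + payload


# Constructed sample data using documentation address ranges.
PEERS = {ipaddress.IPv4Address("192.0.2.1")}
INNER = build_ipv4("198.51.100.5", "198.51.100.9", 17, b"\x00" * 8)
```

The same policy can be applied at the network edge by filtering IP protocol 4 from any source that is not a configured tunnel endpoint.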

Exploit

DoS

Authentication Bypass by Spoofing

Weakness Enumeration

Related Identifiers

BDU:2020-03348
CVE-2020-10136

Affected Products

Cisco Nx-Os
Cisco Nexus