CVE-2020-10136
MEDIUMCisco NX-OS - Authentication Bypass by Spoofing via IP-in-IP Packet Handling
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2020-10136. PoCs published by PapayaJackal.
AI-analyzed exploit summary This repository contains a scanner and attack suite for exploiting CVE-2020-10136, which involves insecure implementation of IP-in-IP and GRE tunneling protocols. The tools allow sending spoofed IP packets via vulnerable hosts, enabling attacks like DNS amplification DDoS.
Description
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
Exploits (1)
This repository contains a scanner and attack suite for exploiting CVE-2020-10136, which involves insecure implementation of IP-in-IP and GRE tunneling protocols. The tools allow sending spoofed IP packets via vulnerable hosts, enabling attacks like DNS amplification DDoS.
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L