IP-in-IP Vulnerability Affects Devices From Cisco and Others
A vulnerability related to the IP-in-IP tunneling protocol that can be exploited for denial-of-service attacks and to bypass security controls has been found to impact devices from Cisco and other vendors.
Cisco has released security updates to address the vulnerability in its NX-OS software.
"The vulnerability is due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An attacker could exploit this vulnerability by sending a crafted IP in IP packet to an affected device," Cisco explains in an advisory.
An attacker could cause the impacted device to decapsulate the IP-in-IP packet and then forward the inner IP packet, thus causing IP packets to bypass input access control lists on the device or other security boundaries on the network.
Cisco also explains that even devices that do not have an IP in IP tunnel interface configured are affected.
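The following detection sketch is an added example, not code from Cisco or from the original article. It flags IP protocol 4 (IP-in-IP) packets whose outer destination is one of the device's own addresses and reports the inner flow that an input ACL would not have evaluated. The function names, the `LOCAL` address set and the sample packets are assumptions constructed for illustration.

```python
import ipaddress
import struct

IPPROTO_IPIP = 4  # IANA protocol number for IPv4-in-IPv4 encapsulation


def parse_ipv4(buf):
    """Return (header_len, protocol, src, dst) for an IPv4 header, or None if malformed."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        return None
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        return None
    src = ipaddress.IPv4Address(buf[12:16])
    dst = ipaddress.IPv4Address(buf[16:20])
    return ihl, buf[9], src, dst


def check_ipip(packet, local_addrs):
    """Flag IP-in-IP packets addressed to one of the device's own addresses.

    Returns None for packets that are not of interest, else a dict describing
    the outer and inner flows so an analyst can see what the ACL never evaluated.
    """
    outer = parse_ipv4(packet)
    if outer is None or outer[1] != IPPROTO_IPIP or outer[3] not in local_addrs:
        return None
    inner = parse_ipv4(packet[outer[0]:])
    if inner is None:
        return {"outer_src": str(outer[2]), "outer_dst": str(outer[3]), "inner": "malformed"}
    return {"outer_src": str(outer[2]), "outer_dst": str(outer[3]),
            "inner_src": str(inner[2]), "inner_dst": str(inner[3]), "inner_proto": inner[1]}


def build_ipv4(src, dst, proto, payload=b""):
    """Constructed test header (checksum left at zero; used only to feed the parser)."""
    total = 20 + len(payload)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + payload


# Constructed sample data using documentation address ranges (RFC 5737).
LOCAL = {ipaddress.IPv4Address("192.0.2.1")}
INNER = build_ipv4("198.51.100.7", "203.0.113.20", 17)
SAMPLE_IPIP = build_ipv4("198.51.100.7", "192.0.2.1", IPPROTO_IPIP, INNER)
SAMPLE_UDP = build_ipv4("198.51.100.7", "192.0.2.1", 17, b"\x00" * 8)
```

Because devices without a configured tunnel interface are also affected, the check keys only on the protocol number and the outer destination, not on tunnel configuration.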