CVE-2020-10136 vulnerability in Digi and Other Products
Published on June 2, 2020
IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
Weakness Type
Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.
Products Associated with CVE-2020-10136
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-10136 are published in these products:
Affected Versions
IETF RFC2003 - IP Encapsulation within IP Version STD 1 is affected by CVE-2020-10136Exploit Probability
EPSS
18.16%
Percentile
95.05%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.