Strix
26.1K

CVE-2020-10136

MEDIUMCVSS 5.3/10EPSS 26.46%

Last modified

CVE-2020-10136 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.. EPSS estimates a 26.46% chance of exploitation in the next 30 days.

Description

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
26.46%

97.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
CiscoNx-Os5.2\(1\)sk3\(1.1\)
CiscoNx-Os5.2\(1\)sk3\(2.1\)
CiscoNx-Os5.2\(1\)sk3\(2.1a\)
CiscoNx-Os5.2\(1\)sk3\(2.2\)
CiscoNx-Os5.2\(1\)sk3\(2.2b\)
CiscoNx-Os5.2\(1\)sm1\(5.1\)
CiscoNx-Os5.2\(1\)sm1\(5.2\)
CiscoNx-Os5.2\(1\)sm1\(5.2a\)
CiscoNx-Os5.2\(1\)sm1\(5.2b\)
CiscoNx-Os5.2\(1\)sm1\(5.2c\)
CiscoNx-Os5.2\(1\)sm3\(1.1\)
CiscoNx-Os5.2\(1\)sm3\(1.1a\)
CiscoNx-Os5.2\(1\)sm3\(1.1b\)
CiscoNx-Os5.2\(1\)sm3\(1.1c\)
CiscoNx-Os5.2\(1\)sm3\(2.1\)
CiscoNx-Os5.2\(1\)sv3\(1.1\)
CiscoNx-Os5.2\(1\)sv3\(1.2\)
CiscoNx-Os5.2\(1\)sv3\(1.3\)
CiscoNx-Os5.2\(1\)sv3\(1.4\)
CiscoNx-Os5.2\(1\)sv3\(1.4b\)
CiscoNx-Os5.2\(1\)sv3\(1.5a\)
CiscoNx-Os5.2\(1\)sv3\(1.5b\)
CiscoNx-Os5.2\(1\)sv3\(1.6\)
CiscoNx-Os5.2\(1\)sv3\(1.10\)
CiscoNx-Os5.2\(1\)sv3\(1.15\)
CiscoNx-Os5.2\(1\)sv3\(2.1\)
CiscoNx-Os5.2\(1\)sv3\(2.5\)
CiscoNx-Os5.2\(1\)sv3\(2.8\)
CiscoNx-Os5.2\(1\)sv3\(3.1\)
CiscoNx-Os5.2\(1\)sv3\(3.15\)
CiscoNx-Os5.2\(1\)sv3\(4.1\)
CiscoNx-Os5.2\(1\)sv3\(4.1a\)
CiscoNx-Os5.2\(1\)sv3\(4.1b\)
CiscoNx-Os5.2\(1\)sv5\(1.1\)
CiscoNx-Os5.2\(1\)sv5\(1.2\)
CiscoNx-Os5.2\(1\)sv5\(1.3\)
CiscoNx-Os5.0\(3\)a1\(1\)
CiscoNx-Os5.0\(3\)a1\(2\)
CiscoNx-Os5.0\(3\)a1\(2a\)
CiscoNx-Os5.0\(3\)u1\(1\)
CiscoNx-Os5.0\(3\)u1\(1a\)
CiscoNx-Os5.0\(3\)u1\(1b\)
CiscoNx-Os5.0\(3\)u1\(1c\)
CiscoNx-Os5.0\(3\)u1\(1d\)
CiscoNx-Os5.0\(3\)u1\(2\)
CiscoNx-Os5.0\(3\)u1\(2a\)
CiscoNx-Os5.0\(3\)u2\(1\)
CiscoNx-Os5.0\(3\)u2\(2\)
CiscoNx-Os5.0\(3\)u2\(2a\)
CiscoNx-Os5.0\(3\)u2\(2b\)

Showing 50 of 258 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-10136?
IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.
How severe is CVE-2020-10136?
CVE-2020-10136 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 26.46% probability of exploitation in the next 30 days.
How do I fix CVE-2020-10136?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-10136?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST