Severity Rating: High
Software Affected
· Cisco NX-OS Software.
Overview
A vulnerability has been reported in the network stack of Cisco NX-OS
Software which could allow an unauthenticated, remote attacker to bypass
certain security boundaries or cause a denial of service (DoS) condition on
an affected device.
Description
IP Packet Processing Vulnerability
A vulnerability exists in the network stack of Cisco NX-OS Software because
an affected device unexpectedly decapsulates and processes IP in IP packets
(IP protocol 4) that are destined to a locally configured IP address. An
attacker could exploit this vulnerability by sending a crafted IP in IP
packet to an affected device; no authentication is required.
Successful exploitation could cause the affected device to decapsulate the
IP in IP packet and forward the inner IP packet. Because the input access
control list (ACL) is evaluated against the outer header while the inner
packet is then routed via an exposed network interface, the inner packet may
bypass input ACLs configured on the affected device or other security
boundaries defined elsewhere in the network, leading to spoofing, access
control bypass and other unexpected network behaviour. Under certain
conditions the crafted packets could also cause the network stack process to
crash and restart multiple times, leading to a reload of the affected device
and a denial of service (DoS) condition.
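The following is an added example, not code from Cisco, CERT-In or this advisory. It models in pure Python how a crafted IP in IP packet defeats an input ACL that is only evaluated against the outer header: the outer packet (sent to the device's own address) is permitted, the device decapsulates it, and the inner packet reaches a destination the ACL was meant to protect. The addresses are RFC 5737 documentation ranges, the packets are constructed inline, and the "fixed" branch is an assumed hardening (do not decapsulate a locally addressed IP in IP packet unless a tunnel is configured), not a description of Cisco's actual patch.

```python
"""Model of IP-in-IP decapsulation bypassing an input ACL (added example)."""
import ipaddress
import struct

IPPROTO_IPIP = 4   # IP-in-IP (RFC 2003)
IPPROTO_TCP = 6


def ipv4_checksum(header: bytes) -> int:
    """One's-complement checksum over an IPv4 header; 0 means 'valid'."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 packet: 20-byte header, no options, correct checksum."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + payload


def parse_ipv4(pkt: bytes) -> dict:
    """Parse an IPv4 header from untrusted bytes; ValueError on malformed input."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad header checksum")
    total_len = struct.unpack("!H", pkt[2:4])[0]
    return {"src": str(ipaddress.IPv4Address(pkt[12:16])),
            "dst": str(ipaddress.IPv4Address(pkt[16:20])),
            "proto": pkt[9], "payload": pkt[ihl:total_len]}


def acl_lookup(acl, hdr: dict) -> str:
    """First-match ACL: rules are (action, src_net, dst_net, proto|None); implicit deny."""
    s, d = ipaddress.IPv4Address(hdr["src"]), ipaddress.IPv4Address(hdr["dst"])
    for action, src_net, dst_net, proto in acl:
        if (s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net)
                and proto in (None, hdr["proto"])):
            return action
    return "deny"


def process_ingress(pkt: bytes, acl, local_addrs, fixed: bool):
    """Ingress path of the modelled device. fixed=False reproduces the advisory's behaviour."""
    outer = parse_ipv4(pkt)
    if acl_lookup(acl, outer) == "deny":          # input ACL sees only the OUTER header
        return ("dropped", "input ACL")
    if outer["dst"] not in local_addrs:
        return ("forwarded", outer["src"], outer["dst"])   # ordinary transit traffic
    if outer["proto"] != IPPROTO_IPIP:
        return ("delivered-locally", outer["proto"])
    if fixed:
        # Assumed hardening: no tunnel is configured, so a locally addressed
        # IP-in-IP packet is dropped before its untrusted inner header is parsed.
        return ("dropped", "unexpected IP-in-IP")
    # Vulnerable behaviour: decapsulate and forward the inner packet without
    # re-evaluating the input ACL (and while parsing attacker-controlled bytes).
    inner = parse_ipv4(outer["payload"])
    return ("forwarded", inner["src"], inner["dst"])


def demo(fixed: bool):
    """Constructed scenario: ACL protects 198.51.100.0/24 behind the device at 192.0.2.1."""
    local_addrs = {"192.0.2.1"}
    acl = [("deny", "0.0.0.0/0", "198.51.100.0/24", None),
           ("permit", "0.0.0.0/0", "0.0.0.0/0", None)]
    inner = build_ipv4("203.0.113.5", "198.51.100.10", IPPROTO_TCP, b"\x00" * 20)
    outer = build_ipv4("203.0.113.5", "192.0.2.1", IPPROTO_IPIP, inner)
    direct = process_ingress(inner, acl, local_addrs, fixed)      # sent directly: denied
    tunnelled = process_ingress(outer, acl, local_addrs, fixed)   # wrapped in IP-in-IP
    return direct, tunnelled


if __name__ == "__main__":
    print("vulnerable:", demo(fixed=False))
    print("hardened:  ", demo(fixed=True))
```

Sending the inner packet directly yields ("dropped", "input ACL") in both modes; wrapped in IP in IP addressed to the device, the vulnerable path returns ("forwarded", "203.0.113.5", "198.51.100.10"), which is the ACL bypass the advisory describes, while the hardened path drops the packet without ever parsing the attacker-controlled inner header.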
Solution
Apply appropriate updates as mentioned in:
- -sa-nxos-ipip-dos-kCT9X4
Vendor Information
CISCO
- -sa-nxos-ipip-dos-kCT9X4
Reference
CISCO
- -sa-nxos-ipip-dos-kCT9X4
CVE Name
(CVE-2020-10136)
About Cert Advisory
We have created this blog to provide the latest security advisories from CERT-In (India) on security vulnerabilities, threats and attacks, and the patching required to mitigate any kind of cyber attack.