CVE-2020-10136

CVE-2020-10136: IP-in-IP protocol allows a remote, unauthenticated attacker to route arbitrary network traffic

Vendor Ietf
Product RFC2003 - IP Encapsulation within IP
Weakness CWE-290
Published June 2, 2020
Last update November 3, 2025

CVSS base score

What the vulnerability does

01Description

IP-in-IP protocol specifies IP Encapsulation within IP standard (RFC 2003, STD 1) that decapsulate and route IP-in-IP traffic is vulnerable to spoofing, access-control bypass and other unexpected behavior due to the lack of validation to verify network packets before decapsulation and routing.

Key dates

02Disclosure timeline

June 2, 2020 CVE published
November 3, 2025 Record updated

Related vulnerabilities

04Related CVE