CVE-2020-10136: IP-in-IP Packet Processing Vulnerability...

CVE-2020-10136: IP-in-IP Packet Processing Vulnerability Could Lead to DDoS, Network Access Bypass and Information Disclosure

On June 2, the CERT Coordination Center (CERT/CC) released vulnerability note VU#636397 detailing an unauthenticated vulnerability in the IP encapsulation within IP (IP-in-IP) protocol. The original disclosure is credited to Yannay Livneh, a cybersecurity researcher on the Enigmatos team.

CVE-2020-10136 is an IP-in-IP processing vulnerability that could allow an unauthenticated attacker to route traffic through exposed interfaces on vulnerable devices, which may result in a reflected distributed denial of service (DDoS), information leakage and the bypass of network access controls (NACs).

For more information, please visit our blog.

Cyber Exposure Alerts

Vulnerability Watch

Forum Discussion

CVE-2020-10136: IP-in-IP Packet Processing Vulnerability...

Recent Discussions

Oracle January 2026 Critical Patch Update Addresses 158 CVEs

CVE-2025-64155: Exploit Code Released for Critical Fortinet FortiSIEM Vulnerability

Microsoft’s January 2026 Patch Tuesday Addresses 113 CVEs (CVE-2026-20805)

CVE-2025-14847 (MongoBleed): MongoDB Memory Leak Vulnerability Exploited in the Wild

CVE-2025-40602: SonicWall Secure Mobile Access (SMA) 1000 Zero-Day Exploited

Americas

Europe

Asia / Australia