
Tunneling Protocols Security Vulnerabilities

Introduction

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. These vulnerabilities can be exploited to create one-way proxies, spoof source IPv4/6 addresses, and conduct denial-of-service (DoS) attacks.

The Vulnerabilities

The vulnerabilities stem from the fact that tunneling protocols such as IP6IP6, GRE6, 4in6, and 6in4, which are mainly used to facilitate data transfers between two disconnected networks, do not authenticate or encrypt traffic unless they are paired with adequate security protocols such as Internet Protocol Security (IPsec).

Affected Hosts

As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes. China, France, Japan, the U.S., and Brazil top the list of the most affected countries.

Impact of the Vulnerabilities

Successful exploitation of the shortcomings could permit an adversary to abuse a susceptible system as a one-way proxy, as well as conduct denial-of-service (DoS) attacks. The impact on victims of these DoS attacks can include network congestion, service disruption as resources are consumed by the traffic overload, and crashing of overloaded network devices.

Exploitation of the Vulnerabilities

An attacker simply needs to send a packet with two IP headers, encapsulated using one of the affected protocols. The outer header contains the attacker’s source IP, with the vulnerable host’s IP as the destination. The inner header’s source IP is that of the vulnerable host rather than the attacker, and its destination IP is that of the target of the anonymous attack.

Defenses

To defend against these vulnerabilities, it is recommended to use IPsec or WireGuard to provide authentication and encryption, and to accept tunneling packets only from trusted sources. At the network level, it is also advised to implement traffic filtering on routers and middleboxes, carry out deep packet inspection (DPI), and block all unencrypted tunneling packets.
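The "trusted sources only" rule can be expressed as a small packet check. The following is an added example, not code from the research or the original page: it parses the outer and inner IP headers of plain IP-in-IP traffic (protocol numbers 4 and 41, covering 6in4, 4in6 and IP6IP6) and rejects packets whose outer source is not a configured peer or whose inner source claims to be the tunnel host itself. GRE and GUE headers are not parsed here, and all addresses, peer lists and function names are constructed for illustration.

```python
import ipaddress
import struct

ENCAP_PROTOS = {4, 41}  # IANA protocol numbers: 4 = IPv4-in-IP, 41 = IPv6-in-IP

def parse_ip(buf):
    """Return (src, dst, next_proto, payload) for an IPv4 or IPv6 packet."""
    if not buf:
        raise ValueError("empty packet")
    version = buf[0] >> 4
    if version == 4:
        ihl = (buf[0] & 0x0F) * 4
        if ihl < 20 or len(buf) < ihl:
            raise ValueError("truncated IPv4 header")
        return (ipaddress.ip_address(buf[12:16]), ipaddress.ip_address(buf[16:20]),
                buf[9], buf[ihl:])
    if version == 6:
        if len(buf) < 40:
            raise ValueError("truncated IPv6 header")
        # Assumption: no IPv6 extension headers sit before the payload.
        return (ipaddress.ip_address(buf[8:24]), ipaddress.ip_address(buf[24:40]),
                buf[6], buf[40:])
    raise ValueError("not an IP packet")

def classify(packet, trusted_peers):
    """Verdict for a packet received by a tunnel endpoint."""
    src, dst, proto, payload = parse_ip(packet)
    if proto not in ENCAP_PROTOS:
        return "not-tunnel"
    if not any(src in net for net in trusted_peers if net.version == src.version):
        return "drop-untrusted"      # outer source is not a configured peer
    inner_src = parse_ip(payload)[0]
    if inner_src == dst:
        return "drop-spoofed-inner"  # inner source claims to be this host
    return "accept"

def ipv4(src, dst, proto, payload=b""):
    """Build a constructed sample IPv4 packet (checksum left at zero)."""
    a, b = ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0, a, b) + payload

def ipv6(src, dst, nxt, payload=b""):
    """Build a constructed sample IPv6 packet."""
    a, b = ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed
    return struct.pack("!IHBB16s16s", 6 << 28, len(payload), nxt, 64, a, b) + payload

PEERS = [ipaddress.ip_network("192.0.2.10/32"), ipaddress.ip_network("2001:db8:1::/64")]
HOST = "198.51.100.1"  # constructed address of the tunnel endpoint

if __name__ == "__main__":
    print(classify(ipv4("192.0.2.10", HOST, 41, ipv6("2001:db8:2::1", "2001:db8:3::1", 59)), PEERS))
    print(classify(ipv4("203.0.113.5", HOST, 41, ipv6("2001:db8:2::1", "2001:db8:3::1", 59)), PEERS))
```

A source-address allowlist like this only narrows exposure, since the outer source is itself unauthenticated; the IPsec or WireGuard recommendation above is what provides actual peer authentication.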

Conclusion

The vulnerabilities in tunneling protocols can have significant consequences, including network congestion, service disruption, and crashing of overloaded network devices. It is essential to take proactive measures to prevent these vulnerabilities and protect against potential attacks.

CVE Identifiers

The vulnerabilities have been assigned the following CVE identifiers for the protocols in question:

  • CVE-2024-7595 (GRE and GRE6)
  • CVE-2024-7596 (Generic UDP Encapsulation)
  • CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6)
  • CVE-2025-23019 (IPv6-in-IPv4)
