Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

The Hacker News by The Hacker News
January 20, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.

“Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor and researcher Mathy Vanhoef.

As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes. China, France, Japan, the U.S., and Brazil top the list of the most affected countries.

Successful exploitation of the shortcomings could permit an adversary to abuse a susceptible system as one-way proxies, as well as conduct denial-of-service (DoS) attacks.

Cybersecurity

“An adversary can abuse these security vulnerabilities to create one-way proxies and spoof source IPv4/6 addresses,” the CERT Coordination Center (CERT/CC) said in an advisory. “Vulnerable systems may also allow access to an organization’s private network or be abused to perform DDoS attacks.”

The vulnerabilities are rooted in the fact that the tunneling protocols such as IP6IP6, GRE6, 4in6, and 6in4, which are mainly used to facilitate data transfers between two disconnected networks, do not authenticate and encrypt traffic without adequate security protocols like Internet Protocol Security (IPsec).

The absence of additional security guardrails opens the door to a scenario where an attacker can inject malicious traffic into a tunnel, a variation of a flaw that was previously flagged in 2020 (CVE-2020-10136).

They have been assigned the following CVE identifiers for the protocols in question –

  • CVE-2024-7595 (GRE and GRE6)
  • CVE-2024-7596 (Generic UDP Encapsulation)
  • CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6)
  • CVE-2025-23019 (IPv6-in-IPv4)

“An attacker simply needs to send a packet encapsulated using one of the affected protocols with two IP headers,” Top10VPN’s Simon Migliano explained.

Cybersecurity

“The outer header contains the attacker’s source IP with the vulnerable host’s IP as the destination. The inner header’s source IP is that of the vulnerable host IP rather than the attacker. The destination IP is that of the target of the anonymous attack.”

Thus when the vulnerable host receives the malicious packet, it automatically strips the outer IP address header and forwards the inner packet to its destination. Given that the source IP address on the inner packet is that of the vulnerable but trusted host, it’s able to get past network filters.

As defenses, it’s recommended to use IPSec or WireGuard to provide authentication and encryption, and only accept tunneling packets from trusted sources. At the network level, it’s also advised to implement traffic filtering on routers and middleboxes, carry out Deep packet inspection (DPI), and block all unencrypted tunneling packets.

“The impact on victims of these DoS attacks can include network congestion, service disruption as resources are consumed by the traffic overload, and crashing of overloaded network devices,” Migliano said. “It also opens up opportunities for further exploitation, such as man-in-the-middle attacks and data interception.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
East Ventures, pionnier du capital-risque en Asie du Sud-Est, conclut avec Coller Capital sa première transaction secondaire dirigée par des commandités

East Ventures, pionnier du capital-risque en Asie du Sud-Est, conclut avec Coller Capital sa première transaction secondaire dirigée par des commandités

Recommended.

SaferWatch and CRG Unite to Enhance School Safety in Florida Schools with Advanced Mapping Integration

SaferWatch and CRG Unite to Enhance School Safety in Florida Schools with Advanced Mapping Integration

June 3, 2025
Zscaler CEO Jay Chaudhry On ‘Reimagining’ Security Operations: ‘SIEM Goes Away’

Zscaler CEO Jay Chaudhry On ‘Reimagining’ Security Operations: ‘SIEM Goes Away’

June 5, 2025

Trending.

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

⚡ Weekly Recap: Oracle 0-Day, BitLocker Bypass, VMScape, WhatsApp Worm & More

October 6, 2025
Cloud Computing on the Rise: Market Projected to Reach .6 Trillion by 2030

Cloud Computing on the Rise: Market Projected to Reach $1.6 Trillion by 2030

August 1, 2025
Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

Stocks making the biggest moves midday: Autodesk, PayPal, Rivian, Nebius, Waters and more

July 14, 2025
The Ultimate MSP Guide to Structuring and Selling vCISO Services

The Ultimate MSP Guide to Structuring and Selling vCISO Services

February 19, 2025
Translators’ Voices: China shares technological achievements with the world for mutual benefit

Translators’ Voices: China shares technological achievements with the world for mutual benefit

June 3, 2025

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio