November 20, 2023
Severity Medium Analysis Summary Agent Tesla is a very popular spyware Trojan built for the.NET framework. Since its initial appearance in 2014, this has been deployed […]
Rewterz Threat Alert – African Banking Sector Targeted via Phishing Emails
June 2, 2020Rewterz Threat Advisory – CVE-2019-1736 – Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability
June 2, 2020Rewterz Threat Alert – African Banking Sector Targeted via Phishing Emails
June 2, 2020Rewterz Threat Advisory – CVE-2019-1736 – Multiple Cisco UCS-Based Products UEFI Secure Boot Bypass Vulnerability
June 2, 2020
Severity
Medium
Analysis Summary
The vulnerability is due to the affected device unexpectedly decapsulating and processing IP in IP packets that are destined to a locally configured IP address. An attacker could exploit this vulnerability by sending a crafted IP in IP packet to an affected device. A successful exploit could cause the affected device to unexpectedly decapsulate the IP in IP packet and forward the inner IP packet. This may result in IP packets bypassing input access control lists (ACLs) configured on the affected device or other security boundaries defined elsewhere in the network.
Impact
- Security bypass
- Denial of service
Remediation
Refer to vendor’s advisory for the list of complete list of affected products and upgraded patches.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4