IP-in-IP packet processing, a protocol used for tunneling by numerous vendors, contains a vulnerability that may lead to DDoS, information leakage and bypass of network access controls.

From tenable.com

On June 2, the CERT Coordination Center (CERT/CC) released vulnerability note VU#636397 detailing an unauthenticated vulnerability in the IP encapsulation within IP (IP-in-IP) protocol. The original disclosure is credited to Yannay Livneh, a cybersecurity researcher on the Enigmatos team.

Read more…