By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
Viral Trending contentViral Trending content
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
Reading: Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Notification Show More
Viral Trending contentViral Trending content
  • Home
  • Categories
    • World News
    • Politics
    • Sports
    • Celebrity
    • Business
    • Crypto
    • Tech News
    • Gaming News
    • Travel
  • Bookmarks
© 2024 All Rights reserved | Powered by Viraltrendingcontent
Viral Trending content > Blog > Tech News > Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
Tech News

Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers

By Viral Trending Content 4 Min Read
Share
SHARE

Jan 20, 2025Ravie LakshmananNetwork Security / Vulnerability

Tunneling Protocols

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.

“Internet hosts that accept tunneling packets without verifying the sender’s identity can be hijacked to perform anonymous attacks and provide access to their networks,” Top10VPN said in a study, as part of a collaboration with KU Leuven professor and researcher Mathy Vanhoef.

As many as 4.2 million hosts have been found susceptible to the attacks, including VPN servers, ISP home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes. China, France, Japan, the U.S., and Brazil top the list of the most affected countries.

Successful exploitation of the shortcomings could permit an adversary to abuse a susceptible system as one-way proxies, as well as conduct denial-of-service (DoS) attacks.

Cybersecurity

“An adversary can abuse these security vulnerabilities to create one-way proxies and spoof source IPv4/6 addresses,” the CERT Coordination Center (CERT/CC) said in an advisory. “Vulnerable systems may also allow access to an organization’s private network or be abused to perform DDoS attacks.”

The vulnerabilities are rooted in the fact that the tunneling protocols such as IP6IP6, GRE6, 4in6, and 6in4, which are mainly used to facilitate data transfers between two disconnected networks, do not authenticate and encrypt traffic without adequate security protocols like Internet Protocol Security (IPsec).

The absence of additional security guardrails opens the door to a scenario where an attacker can inject malicious traffic into a tunnel, a variation of a flaw that was previously flagged in 2020 (CVE-2020-10136).

They have been assigned the following CVE identifiers for the protocols in question –

  • CVE-2024-7595 (GRE and GRE6)
  • CVE-2024-7596 (Generic UDP Encapsulation)
  • CVE-2025-23018 (IPv4-in-IPv6 and IPv6-in-IPv6)
  • CVE-2025-23019 (IPv6-in-IPv4)

“An attacker simply needs to send a packet encapsulated using one of the affected protocols with two IP headers,” Top10VPN’s Simon Migliano explained.

Cybersecurity

“The outer header contains the attacker’s source IP with the vulnerable host’s IP as the destination. The inner header’s source IP is that of the vulnerable host IP rather than the attacker. The destination IP is that of the target of the anonymous attack.”

Thus when the vulnerable host receives the malicious packet, it automatically strips the outer IP address header and forwards the inner packet to its destination. Given that the source IP address on the inner packet is that of the vulnerable but trusted host, it’s able to get past network filters.

As defenses, it’s recommended to use IPSec or WireGuard to provide authentication and encryption, and only accept tunneling packets from trusted sources. At the network level, it’s also advised to implement traffic filtering on routers and middleboxes, carry out Deep packet inspection (DPI), and block all unencrypted tunneling packets.

“The impact on victims of these DoS attacks can include network congestion, service disruption as resources are consumed by the traffic overload, and crashing of overloaded network devices,” Migliano said. “It also opens up opportunities for further exploitation, such as man-in-the-middle attacks and data interception.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

You Might Also Like

Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign

National College of Ireland receives $500k from Citi Foundation

Apple’s 2026 Roadmap: Foldable iPhone, M5 Max and More

Hackers exploiting critical “SessionReaper” flaw in Adobe Magento

Ireland officially joins CERN as associate member state

TAGGED: Cyber Security, Cybersecurity, ddos attack, Internet, IPSec, IPv6, network security, Vulnerability, WireGuard
Share This Article
Facebook Twitter Copy Link
Previous Article Ethereum Market Takeover: Expert Predicts Surge To $14,000 In Six Months
Next Article MEXC Unveils 2024 Annual Report: $100 Million Airdrop Distribution and 30 Million User Milestone Achieved
Leave a comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

- Advertisement -
Ad image

Latest News

With share prices near record highs, I’m looking to Warren Buffett for ideas
Business
Tech Mahindra on track to improve margin but macro challenges linger
Business
Iran-Linked MuddyWater Targets 100+ Organisations in Global Espionage Campaign
Tech News
Brains for bytes: Meta cuts 600 AI roles
World News
National College of Ireland receives $500k from Citi Foundation
Tech News
Top UN court says Israel must allow UN relief agency UNRWA to supply aid to Gaza
World News
I Hope My Outer Worlds 2 Companions Really Do Try To Kill Me
Gaming News

About Us

Welcome to Viraltrendingcontent, your go-to source for the latest updates on world news, politics, sports, celebrity, tech, travel, gaming, crypto news, and business news. We are dedicated to providing you with accurate, timely, and engaging content from around the globe.

Quick Links

  • Home
  • World News
  • Politics
  • Celebrity
  • Business
  • Home
  • World News
  • Politics
  • Sports
  • Celebrity
  • Business
  • Crypto
  • Gaming News
  • Tech News
  • Travel
  • Sports
  • Crypto
  • Tech News
  • Gaming News
  • Travel

Trending News

cageside seats

Unlocking the Ultimate WWE Experience: Cageside Seats News 2024

With share prices near record highs, I’m looking to Warren Buffett for ideas

Investing £5 a day could help me build a second income of £329 a month!

cageside seats
Unlocking the Ultimate WWE Experience: Cageside Seats News 2024
May 22, 2024
With share prices near record highs, I’m looking to Warren Buffett for ideas
October 22, 2025
Investing £5 a day could help me build a second income of £329 a month!
March 27, 2024
Brussels unveils plans for a European Degree but struggles to explain why
March 27, 2024
© 2024 All Rights reserved | Powered by Vraltrendingcontent
  • About Us
  • Contact US
  • Disclaimer
  • Privacy Policy
  • Terms of Service
Welcome Back!

Sign in to your account

Lost your password?