
Cybersecurity Threat Advisory

Critical vulnerabilities have been discovered in multiple tunneling protocols, potentially exposing approximately 4.2 million hosts. These include a wide range of devices such as Virtual Private Networks (VPNs), Internet Service Provider (ISP) home routers, core internet routers, mobile network gateways, and content delivery network (CDN) nodes. Read this Cybersecurity Threat Advisory in full to limit the impact of these vulnerabilities.

What is the threat?

These vulnerabilities arise from flaws in tunneling protocols that allow attackers to exploit exposed hosts. The exploits include Distributed Denial of Service (DDoS) attacks, host takeovers, and traffic spoofing. In a DDoS attack, an attacker floods a user’s server and overloads it, which prevents the user from accessing online services and sites. A host takeover gives attackers full access to the exposed hosts and lets them perform these DDoS attacks anonymously and from different hosts. An attacker can also spoof traffic by masking or hiding it behind one of these hosts.

Why is it noteworthy?

Around 4.2 million hosts are exposed through the tunneling protocol, a common network communication protocol that allows one network to communicate with another and is vital in sending payloads. A flaw in the protocol makes it easy for bad actors to attack the host: internet hosts that accept tunnel packets without verifying the sender are at risk of this exploitation. These factors make the threat notable and something to be aware of.

What is the exposure or risk?

How common tunneling is, together with the number of tunneling protocols affected, makes this extremely risky. Exploitation could cause widespread disruptions, privacy breaches, and compromised infrastructure.

What are the recommendations?

Barracuda recommends the following actions to limit the impact of the unsecured tunneling protocols:

  • Use IPsec or WireGuard to secure your host by providing authentication and encryption.
  • Configure tunnel endpoints to accept tunneling packets only from trusted sources.
  • Filter out malicious traffic, inspect deep packet structures, and block unencrypted tunneling packets.
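
The second and third recommendations can be expressed as a filtering decision at the tunnel endpoint. The sketch below is an added example, not Barracuda's code: it assumes IPIP, IPv6-in-IPv4 and GRE (IANA protocol numbers 4, 41 and 47) as the plaintext tunnel types to police, which the advisory does not name, and uses a constructed peer allowlist and constructed sample packets.

```python
import ipaddress
import struct

# IANA IP protocol numbers of encapsulations that carry no sender authentication.
PLAINTEXT_TUNNELS = {4: "IPIP", 41: "IPv6-in-IPv4", 47: "GRE"}

# Assumption: constructed peer allowlist using documentation address ranges.
TRUSTED_PEERS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/28")]


def build_ipv4(src: str, dst: str, proto: int, payload: bytes = b"") -> bytes:
    """Build a constructed sample IPv4 packet (checksum left at 0)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload


def parse_outer(packet: bytes):
    """Return (source address, protocol number) of the outer IPv4 header."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4
    if header_len < 20 or len(packet) < header_len:
        raise ValueError("bad IPv4 header length")
    return ipaddress.IPv4Address(packet[12:16]), packet[9]


def verdict(packet: bytes, block_all_plaintext: bool = False):
    """Return (action, reason) for one inbound packet at a tunnel endpoint."""
    try:
        src, proto = parse_outer(packet)
    except ValueError as exc:
        return "drop", str(exc)
    name = PLAINTEXT_TUNNELS.get(proto)
    if name is None:
        return "pass", "not a plaintext tunnel packet"
    if block_all_plaintext:
        return "drop", f"{name} is unencrypted"
    if any(src in net for net in TRUSTED_PEERS):
        return "accept", f"{name} from allowlisted peer {src}"
    return "drop", f"{name} from unlisted source {src}"


if __name__ == "__main__":
    for src, proto in (("192.0.2.10", 47), ("203.0.113.77", 4), ("203.0.113.77", 50)):
        print(src, proto, verdict(build_ipv4(src, "198.51.100.1", proto)))
```

A source allowlist only narrows exposure, because the outer source address of a plaintext tunnel packet is not authenticated; verifying the sender is what the IPsec or WireGuard recommendation provides.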


If you have any questions about this Cybersecurity Threat Advisory, don’t hesitate to get in touch with Barracuda Managed XDR’s Security Operations Center.



Posted by Jackson Travis

Jackson is a Cybersecurity Analyst intern at Barracuda. He works on our Blue Team within our Security Operations Center. Jackson supports our XDR service delivery and is highly skilled at analyzing security events to detect cyber threats, helping keep our partners and their customers protected.
