CVE-2021-27853

CWE-290 CWE-284 — Improper Access Control5 documents5 sources

Severity

4.7MEDIUM

EPSS

0.1%

top 65.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ieee 802.2 Ietf Draft-ietf-v6ops-ra-guard Ietf P802.1q +85 more

Timeline

PublishedSep 27

Latest updateSep 28

Description

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages89 packages

▶CVEListV5ietf/draft-ietf-v6ops-ra-guard08 — 08

▶CVEListV5ieee/802.2802.2h-1997 — 802.2h-1997

▶CVEListV5ietf/p802.1qD1.0 — D1.0

▶NVDietf/p802.1qd1.0

▶NVDieee/ieee_802.2802.2h-1997

🔴Vulnerability Details

GHSA

GHSA-v8jg-p3fp-g968: Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP heade↗2022-09-28

▶

CVEList

L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers↗2022-09-27

▶

📋Vendor Advisories

Cisco

Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022↗2022-09-27

▶

Red Hat

kernel: layer 2 network filtering capabilities bypass↗2021-09-27

▶