CVE-2021-27861

CWE-130 CWE-290 CWE-284 — Improper Access Control5 documents5 sources

Severity

4.7MEDIUM

EPSS

0.1%

top 67.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ieee 802.2 Ietf Draft-ietf-v6ops-ra-guard Ietf P802.1q +1 more

Timeline

PublishedSep 27

Latest updateSep 28

Description

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

▶CVEListV5ietf/draft-ietf-v6ops-ra-guard08 — 08

▶CVEListV5ieee/802.2802.2h-1997 — 802.2h-1997

▶CVEListV5ietf/p802.1qD1.0 — D1.0

▶NVDietf/p802.1qd1.0

▶NVDieee/ieee_802.2802.2h-1997

🔴Vulnerability Details

GHSA

GHSA-wcc2-hc4j-m2wc: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)↗2022-09-28

▶

CVEList

L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths↗2022-09-27

▶

📋Vendor Advisories

Red Hat

Kernel: Layer 2 network filtering capabilities bypass with invalid length (and optionally VLAN0 headers)↗2022-09-27

▶

Cisco

Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022↗2022-09-27

▶