Search criteria
9 vulnerabilities found for P802.1Q by IETF
VAR-202209-1859
Vulnerability from variot - Updated: 2025-11-18 15:12Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.CVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 AffectedCVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 Affected. IEEE of ieee 802.2 Products from multiple other vendors contain vulnerabilities related to authentication bypass through spoofing.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "meraki ms420",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 93108tc-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9464px",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9736pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus x9636q-r",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms350",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sg500x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 9516",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9736c-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6509-v-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 93108tc-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500-28mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "n9k-c9348d-gx2a",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf-500-24mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "meraki ms250",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 9364c-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9636c-rx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9336c-fx2-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-18p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "17.4.1"
},
{
"model": "meraki ms450",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "sf500-48mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "catalyst 6503-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "n9k-x9788tc-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9716d-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "sg500x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 93108tc-fx3p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9636pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9636c-r",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "sg500x-24mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 92160yc-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst c6840-x-le-40g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "sg500-52mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "802.2",
"scope": "lte",
"trust": 1.0,
"vendor": "ieee",
"version": "802.2h-1997"
},
{
"model": "sg500-28p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "catalyst 6880-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 93240yc-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6506-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "n9k-x9564px",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9508",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-c93600cd-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500x-48mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "17.6.1"
},
{
"model": "nexus 92348gc-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9536pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms390",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 6509-neb-a",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "catalyst 6509-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "n9k-x9732c-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms425",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 9236c",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9504",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 93120tx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9364c",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9464tx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9732c-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms410",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 93216tc-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-c9364d-gx2a",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.2\\(07\\)e03"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.2\\(07\\)e02"
},
{
"model": "meraki ms210",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 93180yc-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 92304qc",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6513-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "catalyst c6824-x-le-40g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "catalyst c6832-x-le",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "sg500-52p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 92300yc",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 93360yc-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 93180yc-fx3",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9348gc-fxp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "n9k-c9316d-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9272q",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6800ia",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "catalyst 6840-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 9800",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500-52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "catalyst 6504-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 93180yc-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "sg500x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "n9k-x9564tx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "n9k-x9432c-s",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "17.3.3"
},
{
"model": "n9k-x9736c-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-c9332d-gx2b",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "p802.1q",
"scope": "lte",
"trust": 1.0,
"vendor": "ietf",
"version": "d1.0"
},
{
"model": "catalyst 6807-xl",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 9432pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9336c-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9332c",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms355",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst c6816-x-le",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "n9k-x97160yc-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms225",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "cisco ios xe",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "802.2",
"scope": null,
"trust": 0.8,
"vendor": "ieee",
"version": null
},
{
"model": "catalyst 6509-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6840-x",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6509-neb-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6506-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6816-x-le",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "ios xe",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6824-x-le-40g",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6509-v-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "p802.1q",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u6280\u8853\u30bf\u30b9\u30af\u30d5\u30a9\u30fc\u30b9 ietf",
"version": null
},
{
"model": "catalyst 6880-x",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6807-xl",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6832-x-le",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6800ia",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6840-x-le-40g",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6503-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6504-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6513-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Timur Snoke.Statement Date:\u00a0\u00a0 September 27, 2022",
"sources": [
{
"db": "CERT/CC",
"id": "VU#855201"
}
],
"trust": 0.8
},
"cve": "CVE-2021-27853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-27853",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 2.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-27853",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27853",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"id": "CVE-2021-27853",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-27853",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2794",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.CVE-2021-27853 Affected\nCVE-2021-27854 Affected\nCVE-2021-27861 Affected\nCVE-2021-27862 AffectedCVE-2021-27853 Affected\nCVE-2021-27854 Affected\nCVE-2021-27861 Affected\nCVE-2021-27862 Affected. IEEE of ieee 802.2 Products from multiple other vendors contain vulnerabilities related to authentication bypass through spoofing.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27853"
},
{
"db": "CERT/CC",
"id": "VU#855201"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "VULMON",
"id": "CVE-2021-27853"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27853",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#855201",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.4805",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27853",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#855201"
},
{
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"id": "VAR-202209-1859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2025-11-18T15:12:14.158000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "draft-ietf-v6ops-ra-guard-08 Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"title": "Multiple Cisco Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209667"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://blog.champtar.fr/vlan0_llc_snap/"
},
{
"trust": 2.4,
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"trust": 1.7,
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"trust": 1.7,
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"trust": 1.7,
"url": "https://standards.ieee.org/ieee/802.1q/10323/"
},
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vu855201-j3z8cktx"
},
{
"trust": 1.0,
"url": "https://www.kb.cert.org/vuls/id/855201"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta96784241/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27853"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-27853/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4805"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-juniper-ingress-filtrering-bypass-via-layer-2-39380"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#855201"
},
{
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-27T00:00:00",
"db": "CERT/CC",
"id": "VU#855201"
},
{
"date": "2022-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"date": "2022-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"date": "2023-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"date": "2022-09-27T18:15:09.527000",
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-03T00:00:00",
"db": "CERT/CC",
"id": "VU#855201"
},
{
"date": "2022-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"date": "2022-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"date": "2023-10-20T06:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"date": "2025-11-04T20:15:59.233000",
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers",
"sources": [
{
"db": "CERT/CC",
"id": "VU#855201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
}
],
"trust": 0.6
}
}
CVE-2021-27862 (GCVE-0-2021-27862)
Vulnerability from nvd – Published: 2022-09-27 18:40 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
Severity ?
4.7 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IEEE | 802.2 |
Affected:
802.2h-1997 , ≤ 802.2h-1997
(custom)
|
|||||||
|
|||||||||
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:28.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:04:33.466068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:04:40.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard-08",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27862",
"datePublished": "2022-09-27T18:40:14.712Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:28.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27861 (GCVE-0-2021-27861)
Vulnerability from nvd – Published: 2022-09-27 18:40 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
Severity ?
4.7 (Medium)
Assigner
References
Impacted products
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:27.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:06:05.203947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:06:11.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
},
{
"product": "P802.1Q",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "D1.0",
"status": "affected",
"version": "D1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27861",
"datePublished": "2022-09-27T18:40:13.742Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:27.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27854 (GCVE-0-2021-27854)
Vulnerability from nvd – Published: 2022-09-27 18:40 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
Severity ?
4.7 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:26.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:06:23.882465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:06:44.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "P802.1Q",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "D1.0",
"status": "affected",
"version": "D1.0",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
},
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27854",
"datePublished": "2022-09-27T18:40:12.738Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:26.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27853 (GCVE-0-2021-27853)
Vulnerability from nvd – Published: 2022-09-27 17:55 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
Severity ?
4.7 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:25.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"name": "20220927 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:26:49.324466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:27:39.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
},
{
"product": "P802.1Q",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "D1.0",
"status": "affected",
"version": "D1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"name": "20220927 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27853",
"datePublished": "2022-09-27T17:55:09.203Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:25.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27862 (GCVE-0-2021-27862)
Vulnerability from cvelistv5 – Published: 2022-09-27 18:40 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
Severity ?
4.7 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| IEEE | 802.2 |
Affected:
802.2h-1997 , ≤ 802.2h-1997
(custom)
|
|||||||
|
|||||||||
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:28.789Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27862",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:04:33.466068Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:04:40.862Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard-08",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers)."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27862",
"datePublished": "2022-09-27T18:40:14.712Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:28.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27861 (GCVE-0-2021-27861)
Vulnerability from cvelistv5 – Published: 2022-09-27 18:40 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
Severity ?
4.7 (Medium)
Assigner
References
Impacted products
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:27.712Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27861",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:06:05.203947Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:06:11.048Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
},
{
"product": "P802.1Q",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "D1.0",
"status": "affected",
"version": "D1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-130",
"description": "CWE-130 Improper Handling of Length Parameter",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27861",
"datePublished": "2022-09-27T18:40:13.742Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:27.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27854 (GCVE-0-2021-27854)
Vulnerability from cvelistv5 – Published: 2022-09-27 18:40 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
Severity ?
4.7 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:26.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27854",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:06:23.882465Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:06:44.230Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "P802.1Q",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "D1.0",
"status": "affected",
"version": "D1.0",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
},
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27854",
"datePublished": "2022-09-27T18:40:12.738Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:26.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-27853 (GCVE-0-2021-27853)
Vulnerability from cvelistv5 – Published: 2022-09-27 17:55 – Updated: 2025-11-04 19:12
VLAI?
Title
L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
Severity ?
4.7 (Medium)
CWE
- CWE-290 - Authentication Bypass by Spoofing
Assigner
References
Impacted products
Credits
Etienne Champetier (@champtar) <champetier.etienne@gmail.com>
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:25.432Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"tags": [
"x_transferred"
],
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"name": "20220927 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX"
},
{
"tags": [
"x_transferred"
],
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"tags": [
"x_transferred"
],
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
},
{
"url": "https://www.kb.cert.org/vuls/id/855201"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-27853",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-21T15:26:49.324466Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-21T15:27:39.621Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "802.2",
"vendor": "IEEE",
"versions": [
{
"lessThanOrEqual": "802.2h-1997",
"status": "affected",
"version": "802.2h-1997",
"versionType": "custom"
}
]
},
{
"product": "draft-ietf-v6ops-ra-guard",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "08",
"status": "affected",
"version": "08",
"versionType": "custom"
}
]
},
{
"product": "P802.1Q",
"vendor": "IETF",
"versions": [
{
"lessThanOrEqual": "D1.0",
"status": "affected",
"version": "D1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Etienne Champetier (@champtar) \u003cchampetier.etienne@gmail.com\u003e"
}
],
"datePublic": "2022-09-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-290",
"description": "CWE-290: Authentication Bypass by Spoofing",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-10-12T00:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"name": "20220927 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022",
"tags": [
"vendor-advisory"
],
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX"
},
{
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"url": "https://blog.champtar.fr/VLAN0_LLC_SNAP/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers"
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2021-27853",
"datePublished": "2022-09-27T17:55:09.203Z",
"dateReserved": "2021-03-01T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:25.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}