CVE-2021-27853

Summary

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

Affected Software

VendorProductVersion RangeStatus
IEEE802.2802.2h-1997 <= 802.2h-1997affected
IETFdraft-ietf-v6ops-ra-guard08 <= 08affected
IETFP802.1QD1.0 <= D1.0affected

Weaknesses

  • CWE-290: CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References