CVE-2021-27854

Summary

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.

Affected Software

VendorProductVersion RangeStatus
IETFP802.1QD1.0 <= D1.0affected
IETFdraft-ietf-v6ops-ra-guard08 <= 08affected
IEEE802.2802.2h-1997 <= 802.2h-1997affected

Weaknesses

  • CWE-290: CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References