CVE-2021-27862

Summary

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

Affected Software

VendorProductVersion RangeStatus
IEEE802.2802.2h-1997 <= 802.2h-1997affected
IETFdraft-ietf-v6ops-ra-guard-0808 <= 08affected

Weaknesses

  • CWE-130: CWE-130 Improper Handling of Length Parameter
  • CWE-290: CWE-290: Authentication Bypass by Spoofing

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References