Details of VAR-202209-1859

ID

VAR-202209-1859

CVE

CVE-2021-27853

TITLE

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Trust: 0.8

sources: CERT/CC: VU#855201

DESCRIPTION

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.CVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 AffectedCVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 Affected. IEEE of ieee 802.2 Products from multiple other vendors contain vulnerabilities related to authentication bypass through spoofing.Information may be tampered with

Trust: 2.43

sources: NVD: CVE-2021-27853 // CERT/CC: VU#855201 // JVNDB: JVNDB-2021-020376 // VULMON: CVE-2021-27853

AFFECTED PRODUCTS

vendor:	cisco	model:	meraki ms420	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 93108tc-fx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-x9464px	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9736pq	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus x9636q-r	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	meraki ms350	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sg500x-48p	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	nexus 9516	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-x9736c-ex	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6509-v-e	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	nexus 93108tc-ex	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sg500-28mpp	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	n9k-c9348d-gx2a	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sf-500-24mp	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	meraki ms250	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 9364c-gx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-x9636c-rx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9336c-fx2-e	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sf500-18p	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.4.1	Trust: 1.0
vendor:	cisco	model:	meraki ms450	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	sf500-48mp	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	catalyst 6503-e	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	n9k-x9788tc-fx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9716d-gx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sf500-48	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	sg500x-48	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	nexus 93108tc-fx3p	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9636pq	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-x9636c-r	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sg500-28	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	sg500x-24mpp	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	nexus 92160yc-x	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	catalyst c6840-x-le-40g	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	sg500-52mp	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	ieee	model:	802.2	scope:	lte	version:	802.2h-1997	Trust: 1.0
vendor:	cisco	model:	sg500-28p	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	catalyst 6880-x	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	nexus 93240yc-fx2	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6506-e	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	n9k-x9564px	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9508	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-c93600cd-gx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sg500x-48mpp	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.6.1	Trust: 1.0
vendor:	cisco	model:	nexus 92348gc-x	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9536pq	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	meraki ms390	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	catalyst 6509-neb-a	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	catalyst 6509-e	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	n9k-x9732c-fx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	meraki ms425	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 9236c	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9504	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 93120tx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9364c	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-x9464tx2	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-x9732c-ex	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	meraki ms410	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 93216tc-fx2	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-c9364d-gx2a	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	15.2\(07\)e03	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	15.2\(07\)e02	Trust: 1.0
vendor:	cisco	model:	meraki ms210	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	nexus 93180yc-fx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 92304qc	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6513-e	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	catalyst c6824-x-le-40g	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	catalyst c6832-x-le	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	sg500-52p	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	nexus 92300yc	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 93360yc-fx2	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 93180yc-fx3	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9348gc-fxp	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sf500-24p	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	n9k-c9316d-gx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9272q	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	catalyst 6800ia	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	catalyst 6840-x	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	nexus 9800	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sg500-52	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	catalyst 6504-e	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	nexus 93180yc-ex	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sg500x-24p	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	sg500x-24	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	n9k-x9564tx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	sf500-24	scope:	eq	version:	3.0.0.61	Trust: 1.0
vendor:	cisco	model:	n9k-x9432c-s	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	17.3.3	Trust: 1.0
vendor:	cisco	model:	n9k-x9736c-fx	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	n9k-c9332d-gx2b	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	ietf	model:	p802.1q	scope:	lte	version:	d1.0	Trust: 1.0
vendor:	cisco	model:	catalyst 6807-xl	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	nexus 9432pq	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9336c-fx2	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	nexus 9332c	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	meraki ms355	scope:	eq	version:	-	Trust: 1.0
vendor:	cisco	model:	catalyst c6816-x-le	scope:	eq	version:	15.5\(01.01.85\)sy07	Trust: 1.0
vendor:	cisco	model:	n9k-x97160yc-ex	scope:	eq	version:	9.3\(5\)	Trust: 1.0
vendor:	cisco	model:	meraki ms225	scope:	eq	version:	-	Trust: 1.0
vendor:	シスコシステムズ	model:	cisco ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	ieee	model:	802.2	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6509-e	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6840-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6509-neb-a	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6506-e	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst c6816-x-le	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	ios xe	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst c6824-x-le-40g	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6509-v-e	scope:	-	version:	-	Trust: 0.8
vendor:	インターネット技術タスクフォース ietf	model:	p802.1q	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6880-x	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6807-xl	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst c6832-x-le	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6800ia	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst c6840-x-le-40g	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6503-e	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6504-e	scope:	-	version:	-	Trust: 0.8
vendor:	シスコシステムズ	model:	catalyst 6513-e	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-27853
value:	MEDIUM
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-27853
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2021-27853
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-202209-2794
value:	MEDIUM
Trust: 0.6

nvd@nist.gov:	CVE-2021-27853
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	ADJACENT
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2021-27853
baseSeverity:	MEDIUM
baseScore:	4.7
vectorString:	CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector:	ADJACENT NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNNVD: CNNVD-202209-2794 // JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853 // NVD: CVE-2021-27853

PROBLEMTYPE DATA

problemtype:	CWE-290	Trust: 1.0
problemtype:	Avoid authentication by spoofing (CWE-290) [NVD evaluation ]	Trust: 0.8

sources: JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2794

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-2794

PATCH

title:	draft-ietf-v6ops-ra-guard-08 Cisco Systems Cisco Security Advisory	url:	https://standards.ieee.org/ieee/802.1Q/10323/	Trust: 0.8
title:	Multiple Cisco Product security vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=209667	Trust: 0.6

sources: CNNVD: CNNVD-202209-2794 // JVNDB: JVNDB-2021-020376

EXTERNAL IDS

db:	NVD	id:	CVE-2021-27853	Trust: 4.1
db:	CERT/CC	id:	VU#855201	Trust: 3.2
db:	JVNDB	id:	JVNDB-2021-020376	Trust: 0.8
db:	AUSCERT	id:	ESB-2022.4805	Trust: 0.6
db:	CNNVD	id:	CNNVD-202209-2794	Trust: 0.6
db:	VULMON	id:	CVE-2021-27853	Trust: 0.1

sources: CERT/CC: VU#855201 // VULMON: CVE-2021-27853 // CNNVD: CNNVD-202209-2794 // JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853

REFERENCES

url:	https://blog.champtar.fr/vlan0_llc_snap/	Trust: 2.4
url:	https://kb.cert.org/vuls/id/855201	Trust: 2.4
url:	https://standards.ieee.org/ieee/802.2/1048/	Trust: 1.7
url:	https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/	Trust: 1.7
url:	https://standards.ieee.org/ieee/802.1q/10323/	Trust: 1.7
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vu855201-j3z8cktx	Trust: 1.7
url:	https://www.kb.cert.org/vuls/id/855201	Trust: 1.0
url:	https://jvn.jp/ta/jvnta96784241/	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-27853	Trust: 0.8
url:	https://cxsecurity.com/cveshow/cve-2021-27853/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2022.4805	Trust: 0.6
url:	https://vigilance.fr/vulnerability/cisco-juniper-ingress-filtrering-bypass-via-layer-2-39380	Trust: 0.6
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULMON: CVE-2021-27853 // CNNVD: CNNVD-202209-2794 // JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853

CREDITS

This document was written by Timur Snoke.Statement Date: September 27, 2022

Trust: 0.8

sources: CERT/CC: VU#855201

SOURCES

db:	CERT/CC	id:	VU#855201
db:	VULMON	id:	CVE-2021-27853
db:	CNNVD	id:	CNNVD-202209-2794
db:	JVNDB	id:	JVNDB-2021-020376
db:	NVD	id:	CVE-2021-27853

LAST UPDATE DATE

2025-11-18T15:12:14.158000+00:00

SOURCES UPDATE DATE

db:	CERT/CC	id:	VU#855201	date:	2022-10-03T00:00:00
db:	VULMON	id:	CVE-2021-27853	date:	2022-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202209-2794	date:	2022-10-13T00:00:00
db:	JVNDB	id:	JVNDB-2021-020376	date:	2023-10-20T06:17:00
db:	NVD	id:	CVE-2021-27853	date:	2025-11-04T20:15:59.233

SOURCES RELEASE DATE

db:	CERT/CC	id:	VU#855201	date:	2022-09-27T00:00:00
db:	VULMON	id:	CVE-2021-27853	date:	2022-09-27T00:00:00
db:	CNNVD	id:	CNNVD-202209-2794	date:	2022-09-27T00:00:00
db:	JVNDB	id:	JVNDB-2021-020376	date:	2023-10-20T00:00:00
db:	NVD	id:	CVE-2021-27853	date:	2022-09-27T18:15:09.527