ID

VAR-202209-1859


CVE

CVE-2021-27853


TITLE

L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Trust: 0.8

sources: CERT/CC: VU#855201

DESCRIPTION

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.CVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 AffectedCVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 Affected. IEEE of ieee 802.2 Products from multiple other vendors contain vulnerabilities related to authentication bypass through spoofing.Information may be tampered with

Trust: 2.43

sources: NVD: CVE-2021-27853 // CERT/CC: VU#855201 // JVNDB: JVNDB-2021-020376 // VULMON: CVE-2021-27853

AFFECTED PRODUCTS

vendor:ciscomodel:ios xescope:eqversion:17.3.3

Trust: 1.0

vendor:ciscomodel:n9k-c9348d-gx2ascope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-c9316d-gxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst c6840-x-le-40gscope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:catalyst c6824-x-le-40gscope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:meraki ms350scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 9536pqscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 93180yc-fx3scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 92304qcscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 92348gc-xscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:meraki ms420scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 93240yc-fx2scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus x9636q-rscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6506-escope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ieeemodel:802.2scope:lteversion:802.2h-1997

Trust: 1.0

vendor:ciscomodel:n9k-x9636c-rscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:sf500-48mpscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:sg500x-48mppscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:n9k-x97160yc-exscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9508scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ietfmodel:p802.1qscope:lteversion:d1.0

Trust: 1.0

vendor:ciscomodel:meraki ms210scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sf-500-24mpscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:n9k-c9332d-gx2bscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6807-xlscope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:nexus 9736pqscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 93360yc-fx2scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:sg500-52pscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:catalyst c6832-x-lescope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:sf500-24pscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:meraki ms390scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.2\(07\)e02

Trust: 1.0

vendor:ciscomodel:nexus 93180yc-fxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.4.1

Trust: 1.0

vendor:ciscomodel:nexus 93180yc-exscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9636pqscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:sg500x-24scope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:meraki ms225scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 92160yc-xscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9800scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-x9736c-exscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:sg500-52mpscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:nexus 93216tc-fx2scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:meraki ms250scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sg500x-24mppscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:catalyst 6509-neb-ascope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:catalyst c6816-x-lescope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:nexus 9236cscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6880-xscope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:meraki ms450scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:sf500-18pscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:sg500-28mppscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:n9k-x9432c-sscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:meraki ms425scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:n9k-x9636c-rxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-x9736c-fxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9504scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 92300ycscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9336c-fx2-escope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-c9364d-gx2ascope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9336c-fx2scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-x9564pxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:15.2\(07\)e03

Trust: 1.0

vendor:ciscomodel:meraki ms410scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:nexus 9432pqscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 93108tc-exscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 93120txscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9716d-gxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9364c-gxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6513-escope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:nexus 93108tc-fx3pscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-x9732c-exscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-x9564txscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6509-escope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:sf500-48scope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:nexus 9516scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:sg500x-24pscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:sg500x-48scope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:ios xescope:eqversion:17.6.1

Trust: 1.0

vendor:ciscomodel:nexus 9272qscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9364cscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:sg500-52scope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:sg500-28scope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:sg500x-48pscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:n9k-c93600cd-gxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6509-v-escope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:n9k-x9732c-fxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6504-escope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:nexus 9332cscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 9348gc-fxpscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:nexus 93108tc-fxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:n9k-x9788tc-fxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:catalyst 6503-escope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:catalyst 6840-xscope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:sg500-28pscope:eqversion:3.0.0.61

Trust: 1.0

vendor:ciscomodel:n9k-x9464tx2scope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:meraki ms355scope:eqversion: -

Trust: 1.0

vendor:ciscomodel:catalyst 6800iascope:eqversion:15.5\(01.01.85\)sy07

Trust: 1.0

vendor:ciscomodel:n9k-x9464pxscope:eqversion:9.3\(5\)

Trust: 1.0

vendor:ciscomodel:sf500-24scope:eqversion:3.0.0.61

Trust: 1.0

vendor:シスコシステムズmodel:cisco ios xescope: - version: -

Trust: 0.8

vendor:ieeemodel:802.2scope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6509-escope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6840-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6509-neb-ascope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6506-escope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst c6816-x-lescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:ios xescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst c6824-x-le-40gscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6509-v-escope: - version: -

Trust: 0.8

vendor:インターネット技術タスクフォース ietfmodel:p802.1qscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6880-xscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6807-xlscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst c6832-x-lescope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6800iascope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst c6840-x-le-40gscope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6503-escope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6504-escope: - version: -

Trust: 0.8

vendor:シスコシステムズmodel:catalyst 6513-escope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2021-27853
value: MEDIUM

Trust: 1.8

CNNVD: CNNVD-202209-2794
value: MEDIUM

Trust: 0.6

NVD:
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: ADJACENT_NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2021-27853
baseSeverity: MEDIUM
baseScore: 4.7
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
attackVector: ADJACENT NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853 // CNNVD: CNNVD-202209-2794

PROBLEMTYPE DATA

problemtype:CWE-290

Trust: 1.0

problemtype:Avoid authentication by spoofing (CWE-290) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-202209-2794

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202209-2794

CONFIGURATIONS

sources: NVD: CVE-2021-27853

PATCH

title:draft-ietf-v6ops-ra-guard-08 Cisco Systems Cisco Security Advisoryurl:https://standards.ieee.org/ieee/802.1q/10323/

Trust: 0.8

title:Multiple Cisco Product security vulnerabilitiesurl:http://123.124.177.30/web/xxk/bdxqbyid.tag?id=209667

Trust: 0.6

sources: JVNDB: JVNDB-2021-020376 // CNNVD: CNNVD-202209-2794

EXTERNAL IDS

db:NVDid:CVE-2021-27853

Trust: 4.1

db:CERT/CCid:VU#855201

Trust: 3.2

db:JVNDBid:JVNDB-2021-020376

Trust: 0.8

db:AUSCERTid:ESB-2022.4805

Trust: 0.6

db:CNNVDid:CNNVD-202209-2794

Trust: 0.6

db:VULMONid:CVE-2021-27853

Trust: 0.1

sources: CERT/CC: VU#855201 // VULMON: CVE-2021-27853 // JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853 // CNNVD: CNNVD-202209-2794

REFERENCES

url:https://blog.champtar.fr/vlan0_llc_snap/

Trust: 2.4

url:https://kb.cert.org/vuls/id/855201

Trust: 2.4

url:https://standards.ieee.org/ieee/802.2/1048/

Trust: 1.7

url:https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

Trust: 1.7

url:https://standards.ieee.org/ieee/802.1q/10323/

Trust: 1.7

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vu855201-j3z8cktx

Trust: 1.7

url:https://jvn.jp/ta/jvnta96784241/

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2021-27853

Trust: 0.8

url:https://cxsecurity.com/cveshow/cve-2021-27853/

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2022.4805

Trust: 0.6

url:https://vigilance.fr/vulnerability/cisco-juniper-ingress-filtrering-bypass-via-layer-2-39380

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

sources: VULMON: CVE-2021-27853 // JVNDB: JVNDB-2021-020376 // NVD: CVE-2021-27853 // CNNVD: CNNVD-202209-2794

CREDITS

This document was written by Timur Snoke.Statement Date:   September 27, 2022

Trust: 0.8

sources: CERT/CC: VU#855201

SOURCES

db:CERT/CCid:VU#855201
db:VULMONid:CVE-2021-27853
db:JVNDBid:JVNDB-2021-020376
db:NVDid:CVE-2021-27853
db:CNNVDid:CNNVD-202209-2794

LAST UPDATE DATE

2023-12-18T13:22:11.219000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#855201date:2022-10-03T00:00:00
db:VULMONid:CVE-2021-27853date:2022-09-27T00:00:00
db:JVNDBid:JVNDB-2021-020376date:2023-10-20T06:17:00
db:NVDid:CVE-2021-27853date:2022-11-16T17:26:33.420
db:CNNVDid:CNNVD-202209-2794date:2022-10-13T00:00:00

SOURCES RELEASE DATE

db:CERT/CCid:VU#855201date:2022-09-27T00:00:00
db:VULMONid:CVE-2021-27853date:2022-09-27T00:00:00
db:JVNDBid:JVNDB-2021-020376date:2023-10-20T00:00:00
db:NVDid:CVE-2021-27853date:2022-09-27T18:15:09.527
db:CNNVDid:CNNVD-202209-2794date:2022-09-27T00:00:00