CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
certccCNA
---
---
CVEADP
---
---
CISA-ADPADP
4.7 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
ieeeieee_802.2
𝑥
≤ 802.2h-1997
ciscocatalyst_6503-e_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6504-e_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6506-e_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6509-e_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6509-neb-a_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6509-v-e_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6513-e_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6807-xl_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6840-x_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6880-x_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_c6816-x-le_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_c6824-x-le-40g_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_c6832-x-le_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_c6840-x-le-40g_firmware
15.5\(01.01.85\)sy07
ciscocatalyst_6800ia_firmware
15.5\(01.01.85\)sy07
ciscoios_xe
17.3.3
ciscoios_xe
15.2\(07\)e02
ciscoios_xe
15.2\(07\)e03
ciscoios_xe
17.4.1
ciscoios_xe
17.6.1
ciscomeraki_ms390_firmware
-
ciscomeraki_ms210_firmware
-
ciscomeraki_ms225_firmware
-
ciscomeraki_ms250_firmware
-
ciscomeraki_ms350_firmware
-
ciscomeraki_ms355_firmware
-
ciscomeraki_ms410_firmware
-
ciscomeraki_ms420_firmware
-
ciscomeraki_ms425_firmware
-
ciscomeraki_ms450_firmware
-
cisconexus_93180yc-ex_firmware
9.3\(5\)
cisconexus_93180yc-fx_firmware
9.3\(5\)
cisconexus_93180yc-fx3_firmware
9.3\(5\)
cisconexus_93240yc-fx2_firmware
9.3\(5\)
cisconexus_93360yc-fx2_firmware
9.3\(5\)
cisconexus_93120tx_firmware
9.3\(5\)
cisconexus_93108tc-ex_firmware
9.3\(5\)
cisconexus_9348gc-fxp_firmware
9.3\(5\)
cisconexus_93108tc-fx_firmware
9.3\(5\)
cisconexus_93108tc-fx3p_firmware
9.3\(5\)
cisconexus_93216tc-fx2_firmware
9.3\(5\)
ciscon9k-c9316d-gx_firmware
9.3\(5\)
ciscon9k-c93600cd-gx_firmware
9.3\(5\)
ciscon9k-c9332d-gx2b_firmware
9.3\(5\)
ciscon9k-c9348d-gx2a_firmware
9.3\(5\)
ciscon9k-c9364d-gx2a_firmware
9.3\(5\)
ciscon9k-x97160yc-ex_firmware
9.3\(5\)
ciscon9k-x9788tc-fx_firmware
9.3\(5\)
ciscon9k-x9564px_firmware
9.3\(5\)
ciscon9k-x9464px_firmware
9.3\(5\)
ciscon9k-x9564tx_firmware
9.3\(5\)
ciscon9k-x9464tx2_firmware
9.3\(5\)
cisconexus_9636pq_firmware
9.3\(5\)
cisconexus_x9636q-r_firmware
9.3\(5\)
cisconexus_9536pq_firmware
9.3\(5\)
cisconexus_9432pq_firmware
9.3\(5\)
cisconexus_9736pq_firmware
9.3\(5\)
ciscon9k-x9736c-fx_firmware
9.3\(5\)
ciscon9k-x9732c-ex_firmware
9.3\(5\)
ciscon9k-x9732c-fx_firmware
9.3\(5\)
ciscon9k-x9736c-ex_firmware
9.3\(5\)
ciscon9k-x9636c-rx_firmware
9.3\(5\)
ciscon9k-x9636c-r_firmware
9.3\(5\)
ciscon9k-x9432c-s_firmware
9.3\(5\)
cisconexus_9716d-gx_firmware
9.3\(5\)
cisconexus_9504_firmware
9.3\(5\)
cisconexus_9508_firmware
9.3\(5\)
cisconexus_9516_firmware
9.3\(5\)
cisconexus_92160yc-x_firmware
9.3\(5\)
cisconexus_9272q_firmware
9.3\(5\)
cisconexus_92304qc_firmware
9.3\(5\)
cisconexus_9236c_firmware
9.3\(5\)
cisconexus_92300yc_firmware
9.3\(5\)
cisconexus_92348gc-x_firmware
9.3\(5\)
cisconexus_9364c_firmware
9.3\(5\)
cisconexus_9336c-fx2_firmware
9.3\(5\)
cisconexus_9336c-fx2-e_firmware
9.3\(5\)
cisconexus_9332c_firmware
9.3\(5\)
cisconexus_9364c-gx_firmware
9.3\(5\)
cisconexus_9800_firmware
9.3\(5\)
ciscosf500-24_firmware
3.0.0.61
ciscosf-500-24mp_firmware
3.0.0.61
ciscosf500-24p_firmware
3.0.0.61
ciscosf500-48_firmware
3.0.0.61
ciscosf500-48mp_firmware
3.0.0.61
ciscosf500-18p_firmware
3.0.0.61
ciscosg500-28_firmware
3.0.0.61
ciscosg500-28mpp_firmware
3.0.0.61
ciscosg500-28p_firmware
3.0.0.61
ciscosg500-52_firmware
3.0.0.61
ciscosg500-52mp_firmware
3.0.0.61
ciscosg500-52p_firmware
3.0.0.61
ciscosg500x-24_firmware
3.0.0.61
ciscosg500x-24mpp_firmware
3.0.0.61
ciscosg500x-24p_firmware
3.0.0.61
ciscosg500x-48_firmware
3.0.0.61
ciscosg500x-48mpp_firmware
3.0.0.61
ciscosg500x-48p_firmware
3.0.0.61
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://blog.champtar.fr/VLAN0_LLC_SNAP/
https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/
https://kb.cert.org/vuls/id/855201
https://standards.ieee.org/ieee/802.1Q/10323/
https://standards.ieee.org/ieee/802.2/1048/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX
https://blog.champtar.fr/VLAN0_LLC_SNAP/
https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/
https://kb.cert.org/vuls/id/855201
https://standards.ieee.org/ieee/802.1Q/10323/
https://standards.ieee.org/ieee/802.2/1048/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX