CVE-2021-27861 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.7 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA-ADP	ADP	4.7 MEDIUM	ADJACENT_NETWORK	LOW	NONE	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 32%

Affected Products (NVD)

Vendor	Product	Version
ieee	ieee_802.2	𝑥 ≤ 802.2h-1997

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-130 - Improper Handling of Length Parameter Inconsistency
The software parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.
CWE-290 - Authentication Bypass by Spoofing
This attack-focused weakness is caused by improperly implemented authentication schemes that are subject to spoofing attacks.

References

https://blog.champtar.fr/VLAN0_LLC_SNAP/

https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

https://kb.cert.org/vuls/id/855201

https://standards.ieee.org/ieee/802.1Q/10323/

https://standards.ieee.org/ieee/802.2/1048/

https://blog.champtar.fr/VLAN0_LLC_SNAP/

https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

https://kb.cert.org/vuls/id/855201

https://standards.ieee.org/ieee/802.1Q/10323/

https://standards.ieee.org/ieee/802.2/1048/

https://www.kb.cert.org/vuls/id/855201