What is the vulnerability ID for this vulnerability?

The vulnerability ID for this vulnerability is CVE-2021-27862.

What is the severity of CVE-2021-27862?

The severity of CVE-2021-27862 is medium with a severity value of 4.7.

What is the affected software in CVE-2021-27862?

The affected software in CVE-2021-27862 includes IEEE 802.2 up to and including version 802.2h-1997, and IETF P802.1q up to and including version d1.0.

How can Layer 2 network filtering capabilities be bypassed in CVE-2021-27862?

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed in CVE-2021-27862 using LLC/SNAP headers with invalid length and Ethernet to WiFi frame conversion, and optionally VLAN0 headers.

Are there any references for CVE-2021-27862?

Yes, there are references available for CVE-2021-27862. They include: [1] https://blog.champtar.fr/VLAN0_LLC_SNAP/, [2] https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/, [3] https://kb.cert.org/vuls/id/855201

Vulnerability/
CVE-2021-27862

medium

4.7

CWE

290 130

27/9/2022

3/8/2024

CVE-2021-27862: L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation

First published: Tue Sep 27 2022(Updated: )

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

Credit: cret@cert.org

Affected Software	Affected Version	How to fix
Ieee Ieee 802.2	<=802.2h-1997
Ietf P802.1q	<=d1.0

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2021-27862.
What is the severity of CVE-2021-27862?
The severity of CVE-2021-27862 is medium with a severity value of 4.7.
What is the affected software in CVE-2021-27862?
The affected software in CVE-2021-27862 includes IEEE 802.2 up to and including version 802.2h-1997, and IETF P802.1q up to and including version d1.0.
How can Layer 2 network filtering capabilities be bypassed in CVE-2021-27862?
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed in CVE-2021-27862 using LLC/SNAP headers with invalid length and Ethernet to WiFi frame conversion, and optionally VLAN0 headers.
Are there any references for CVE-2021-27862?
Yes, there are references available for CVE-2021-27862. They include: [1] https://blog.champtar.fr/VLAN0_LLC_SNAP/, [2] https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/, [3] https://kb.cert.org/vuls/id/855201

collector/nvd-index
agent/weakness
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/tags
agent/first-publish-date
agent/event
vendor/ieee
canonical/ieee ieee 802.2
version/ieee ieee 802.2/802.2h-1997
vendor/ietf
canonical/ietf p802.1q
version/ietf p802.1q/d1.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.