var-202209-1859
Vulnerability from variot
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.CVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 AffectedCVE-2021-27853 Affected CVE-2021-27854 Affected CVE-2021-27861 Affected CVE-2021-27862 Affected. IEEE of ieee 802.2 Products from multiple other vendors contain vulnerabilities related to authentication bypass through spoofing.Information may be tampered with
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202209-1859",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "nexus 9736pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 92348gc-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus x9636q-r",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9236c",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500-52p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 93120tx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9464px",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 93180yc-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-c9316d-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms450",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "n9k-x9736c-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "802.2",
"scope": "lte",
"trust": 1.0,
"vendor": "ieee",
"version": "802.2h-1997"
},
{
"model": "sg500-28mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "n9k-x9732c-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500x-48mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "catalyst 6504-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 93108tc-fx3p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9364c-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9636c-r",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9332c",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9508",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500x-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 9516",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500-28",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "n9k-c9364d-gx2a",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-24",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "sg500-28p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "meraki ms420",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 93240yc-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6800ia",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "n9k-x9564px",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms410",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "n9k-x9432c-s",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-c9348d-gx2a",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 93216tc-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-c9332d-gx2b",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms350",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst c6832-x-le",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 93108tc-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-48mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "sg500x-24mpp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "n9k-x97160yc-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms355",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst 6840-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "n9k-x9464tx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6509-v-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "catalyst c6816-x-le",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 9336c-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 92300yc",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-18p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "sf-500-24mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "sg500x-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 92304qc",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9800",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500-52mp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "p802.1q",
"scope": "lte",
"trust": 1.0,
"vendor": "ietf",
"version": "d1.0"
},
{
"model": "n9k-x9788tc-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9716d-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9504",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 92160yc-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 93180yc-fx3",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9564tx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6503-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "sf500-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "catalyst 6807-xl",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 9272q",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500x-24p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "meraki ms425",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.2\\(07\\)e03"
},
{
"model": "nexus 93180yc-fx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "17.3.3"
},
{
"model": "meraki ms210",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "n9k-x9736c-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms390",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst c6824-x-le-40g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "17.6.1"
},
{
"model": "nexus 9432pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "n9k-x9636c-rx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sf500-48",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "catalyst 6509-neb-a",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "catalyst 6880-x",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "catalyst 6506-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "n9k-c93600cd-gx",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9536pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "17.4.1"
},
{
"model": "n9k-x9732c-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6509-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "meraki ms250",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "catalyst c6840-x-le-40g",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "sg500x-48p",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 9336c-fx2-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "catalyst 6513-e",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.5\\(01.01.85\\)sy07"
},
{
"model": "nexus 9364c",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "sg500-52",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "3.0.0.61"
},
{
"model": "nexus 93108tc-ex",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "meraki ms225",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": null
},
{
"model": "nexus 9348gc-fxp",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 93360yc-fx2",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "nexus 9636pq",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "9.3\\(5\\)"
},
{
"model": "ios xe",
"scope": "eq",
"trust": 1.0,
"vendor": "cisco",
"version": "15.2\\(07\\)e02"
},
{
"model": "cisco ios xe",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "802.2",
"scope": null,
"trust": 0.8,
"vendor": "ieee",
"version": null
},
{
"model": "catalyst 6509-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6840-x",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6509-neb-a",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6506-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6816-x-le",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "ios xe",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6824-x-le-40g",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6509-v-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "p802.1q",
"scope": null,
"trust": 0.8,
"vendor": "\u30a4\u30f3\u30bf\u30fc\u30cd\u30c3\u30c8\u6280\u8853\u30bf\u30b9\u30af\u30d5\u30a9\u30fc\u30b9 ietf",
"version": null
},
{
"model": "catalyst 6880-x",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6807-xl",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6832-x-le",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6800ia",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst c6840-x-le-40g",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6503-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6504-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
},
{
"model": "catalyst 6513-e",
"scope": null,
"trust": 0.8,
"vendor": "\u30b7\u30b9\u30b3\u30b7\u30b9\u30c6\u30e0\u30ba",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This document was written by Timur Snoke.Statement Date:\u00a0\u00a0 September 27, 2022",
"sources": [
{
"db": "CERT/CC",
"id": "VU#855201"
}
],
"trust": 0.8
},
"cve": "CVE-2021-27853",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2021-27853",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.7,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-27853",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "None",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-27853",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-27853",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202209-2794",
"trust": 0.6,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.CVE-2021-27853 Affected\nCVE-2021-27854 Affected\nCVE-2021-27861 Affected\nCVE-2021-27862 AffectedCVE-2021-27853 Affected\nCVE-2021-27854 Affected\nCVE-2021-27861 Affected\nCVE-2021-27862 Affected. IEEE of ieee 802.2 Products from multiple other vendors contain vulnerabilities related to authentication bypass through spoofing.Information may be tampered with",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-27853"
},
{
"db": "CERT/CC",
"id": "VU#855201"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "VULMON",
"id": "CVE-2021-27853"
}
],
"trust": 2.43
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-27853",
"trust": 4.1
},
{
"db": "CERT/CC",
"id": "VU#855201",
"trust": 3.2
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2022.4805",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2021-27853",
"trust": 0.1
}
],
"sources": [
{
"db": "CERT/CC",
"id": "VU#855201"
},
{
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"id": "VAR-202209-1859",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VARIoT devices database",
"id": null
}
],
"trust": 1.0
},
"last_update_date": "2024-08-14T13:21:41.300000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "draft-ietf-v6ops-ra-guard-08 Cisco Systems Cisco\u00a0Security\u00a0Advisory",
"trust": 0.8,
"url": "https://standards.ieee.org/ieee/802.1Q/10323/"
},
{
"title": "Multiple Cisco Product security vulnerabilities",
"trust": 0.6,
"url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=209667"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-290",
"trust": 1.0
},
{
"problemtype": "Avoid authentication by spoofing (CWE-290) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://blog.champtar.fr/vlan0_llc_snap/"
},
{
"trust": 2.4,
"url": "https://kb.cert.org/vuls/id/855201"
},
{
"trust": 1.7,
"url": "https://standards.ieee.org/ieee/802.2/1048/"
},
{
"trust": 1.7,
"url": "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/"
},
{
"trust": 1.7,
"url": "https://standards.ieee.org/ieee/802.1q/10323/"
},
{
"trust": 1.7,
"url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-vu855201-j3z8cktx"
},
{
"trust": 0.8,
"url": "https://jvn.jp/ta/jvnta96784241/"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-27853"
},
{
"trust": 0.6,
"url": "https://cxsecurity.com/cveshow/cve-2021-27853/"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.4805"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/cisco-juniper-ingress-filtrering-bypass-via-layer-2-39380"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CERT/CC",
"id": "VU#855201"
},
{
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-09-27T00:00:00",
"db": "CERT/CC",
"id": "VU#855201"
},
{
"date": "2022-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"date": "2023-10-20T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"date": "2022-09-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"date": "2022-09-27T18:15:09.527000",
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-03T00:00:00",
"db": "CERT/CC",
"id": "VU#855201"
},
{
"date": "2022-09-27T00:00:00",
"db": "VULMON",
"id": "CVE-2021-27853"
},
{
"date": "2023-10-20T06:17:00",
"db": "JVNDB",
"id": "JVNDB-2021-020376"
},
{
"date": "2022-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202209-2794"
},
{
"date": "2022-11-16T17:26:33.420000",
"db": "NVD",
"id": "CVE-2021-27853"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers",
"sources": [
{
"db": "CERT/CC",
"id": "VU#855201"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202209-2794"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.