Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2021-27853
HistorySep 27, 2022 - 6:15 p.m.

CVE-2021-27853

2022-09-2718:15:09
CWE-290
[email protected]
web.nvd.nist.gov
67
4
cve
2021
27853
network filtering
bypass
vlan
llc
snap
headers
nvd

4.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.6%

JSON

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

Affected configurations

NVD
Node
ieeeieee_802.2Range802.2h-1997
Node
ietfp802.1qRanged1.0
Node
ciscocatalyst_6503-eMatch-
AND
ciscocatalyst_6503-e_firmwareMatch15.5\(01.01.85\)sy07
Node
ciscocatalyst_6504-eMatch-
AND
ciscocatalyst_6504-e_firmwareMatch15.5\(01.01.85\)sy07
Node
ciscocatalyst_6506-eMatch-
AND
ciscocatalyst_6506-e_firmwareMatch15.5\(01.01.85\)sy07
Node
ciscocatalyst_6509-eMatch-
AND
ciscocatalyst_6509-e_firmwareMatch15.5\(01.01.85\)sy07
Node
ciscocatalyst_6509-neb-aMatch-
AND
ciscocatalyst_6509-neb-a_firmwareMatch15.5\(01.01.85\)sy07
Node
ciscocatalyst_6509-v-eMatch-
AND
ciscocatalyst_6509-v-e_firmwareMatch15.5\(01.01.85\)sy07
Node
ciscocatalyst_6513-eMatch-
AND
ciscocatalyst_6513-e_firmwareMatch15.5\(01.01.85\)sy07
Node
ciscocatalyst_6807-xl_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_6807-xlMatch-
Node
ciscocatalyst_6840-x_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_6840-xMatch-
Node
ciscocatalyst_6880-x_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_6880-xMatch-
Node
ciscocatalyst_c6816-x-le_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_c6816-x-leMatch-
Node
ciscocatalyst_c6824-x-le-40g_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_c6824-x-le-40gMatch-
Node
ciscocatalyst_c6832-x-le_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_c6832-x-leMatch-
Node
ciscocatalyst_c6840-x-le-40g_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_c6840-x-le-40gMatch-
Node
ciscocatalyst_6800ia_firmwareMatch15.5\(01.01.85\)sy07
AND
ciscocatalyst_6800iaMatch-
Node
ciscoios_xeMatch17.3.3
OR
ciscoios_xeMatch15.2\(07\)e02
OR
ciscoios_xeMatch15.2\(07\)e03
OR
ciscoios_xeMatch17.4.1
OR
ciscoios_xeMatch17.6.1
AND
ciscocatalyst_3650-12x48fd-eMatch-
OR
ciscocatalyst_3650-12x48fd-lMatch-
OR
ciscocatalyst_3650-12x48fd-sMatch-
OR
ciscocatalyst_3650-12x48uq-eMatch-
OR
ciscocatalyst_3650-12x48uq-lMatch-
OR
ciscocatalyst_3650-12x48uq-sMatch-
OR
ciscocatalyst_3650-12x48ur-eMatch-
OR
ciscocatalyst_3650-12x48ur-lMatch-
OR
ciscocatalyst_3650-12x48ur-sMatch-
OR
ciscocatalyst_3650-12x48uz-eMatch-
OR
ciscocatalyst_3650-12x48uz-lMatch-
OR
ciscocatalyst_3650-12x48uz-sMatch-
OR
ciscocatalyst_3650-24pd-eMatch-
OR
ciscocatalyst_3650-24pd-lMatch-
OR
ciscocatalyst_3650-24pd-sMatch-
OR
ciscocatalyst_3650-24pdm-eMatch-
OR
ciscocatalyst_3650-24pdm-lMatch-
OR
ciscocatalyst_3650-24pdm-sMatch-
OR
ciscocatalyst_3650-24ps-eMatch-
OR
ciscocatalyst_3650-24ps-lMatch-
OR
ciscocatalyst_3650-24ps-sMatch-
OR
ciscocatalyst_3650-24td-eMatch-
OR
ciscocatalyst_3650-24td-lMatch-
OR
ciscocatalyst_3650-24td-sMatch-
OR
ciscocatalyst_3650-24ts-eMatch-
OR
ciscocatalyst_3650-24ts-lMatch-
OR
ciscocatalyst_3650-24ts-sMatch-
OR
ciscocatalyst_3650-48fd-eMatch-
OR
ciscocatalyst_3650-48fd-lMatch-
OR
ciscocatalyst_3650-48fd-sMatch-
OR
ciscocatalyst_3650-48fq-eMatch-
OR
ciscocatalyst_3650-48fq-lMatch-
OR
ciscocatalyst_3650-48fq-sMatch-
OR
ciscocatalyst_3650-48fqm-eMatch-
OR
ciscocatalyst_3650-48fqm-lMatch-
OR
ciscocatalyst_3650-48fqm-sMatch-
OR
ciscocatalyst_3650-48fs-eMatch-
OR
ciscocatalyst_3650-48fs-lMatch-
OR
ciscocatalyst_3650-48fs-sMatch-
OR
ciscocatalyst_3650-48pd-eMatch-
OR
ciscocatalyst_3650-48pd-lMatch-
OR
ciscocatalyst_3650-48pd-sMatch-
OR
ciscocatalyst_3650-48pq-eMatch-
OR
ciscocatalyst_3650-48pq-lMatch-
OR
ciscocatalyst_3650-48pq-sMatch-
OR
ciscocatalyst_3650-48ps-eMatch-
OR
ciscocatalyst_3650-48ps-lMatch-
OR
ciscocatalyst_3650-48ps-sMatch-
OR
ciscocatalyst_3650-48td-eMatch-
OR
ciscocatalyst_3650-48td-lMatch-
OR
ciscocatalyst_3650-48td-sMatch-
OR
ciscocatalyst_3650-48tq-eMatch-
OR
ciscocatalyst_3650-48tq-lMatch-
OR
ciscocatalyst_3650-48tq-sMatch-
OR
ciscocatalyst_3650-48ts-eMatch-
OR
ciscocatalyst_3650-48ts-lMatch-
OR
ciscocatalyst_3650-48ts-sMatch-
OR
ciscocatalyst_3650-8x24pd-eMatch-
OR
ciscocatalyst_3650-8x24pd-lMatch-
OR
ciscocatalyst_3650-8x24pd-sMatch-
OR
ciscocatalyst_3650-8x24uq-eMatch-
OR
ciscocatalyst_3650-8x24uq-lMatch-
OR
ciscocatalyst_3650-8x24uq-sMatch-
OR
ciscocatalyst_3850-12s-eMatch-
OR
ciscocatalyst_3850-12s-sMatch-
OR
ciscocatalyst_3850-12xs-eMatch-
OR
ciscocatalyst_3850-12xs-sMatch-
OR
ciscocatalyst_3850-16xs-eMatch-
OR
ciscocatalyst_3850-16xs-sMatch-
OR
ciscocatalyst_3850-24p-eMatch-
OR
ciscocatalyst_3850-24p-lMatch-
OR
ciscocatalyst_3850-24pw-sMatch-
OR
ciscocatalyst_3850-24s-eMatch-
OR
ciscocatalyst_3850-24s-sMatch-
OR
ciscocatalyst_3850-24t-eMatch-
OR
ciscocatalyst_3850-24t-lMatch-
OR
ciscocatalyst_3850-24t-sMatch-
OR
ciscocatalyst_3850-24u-eMatch-
OR
ciscocatalyst_3850-24u-lMatch-
OR
ciscocatalyst_3850-24u-sMatch-
OR
ciscocatalyst_3850-24xs-eMatch-
OR
ciscocatalyst_3850-24xs-sMatch-
OR
ciscocatalyst_3850-24xu-eMatch-
OR
ciscocatalyst_3850-24xu-lMatch-
OR
ciscocatalyst_3850-24xu-sMatch-
OR
ciscocatalyst_3850-32xs-eMatch-
OR
ciscocatalyst_3850-32xs-sMatch-
OR
ciscocatalyst_3850-48f-eMatch-
OR
ciscocatalyst_3850-48f-lMatch-
OR
ciscocatalyst_3850-48f-sMatch-
OR
ciscocatalyst_3850-48p-eMatch-
OR
ciscocatalyst_3850-48p-lMatch-
OR
ciscocatalyst_3850-48p-sMatch-
OR
ciscocatalyst_3850-48pw-sMatch-
OR
ciscocatalyst_3850-48t-eMatch-
OR
ciscocatalyst_3850-48t-lMatch-
OR
ciscocatalyst_3850-48t-sMatch-
OR
ciscocatalyst_3850-48u-eMatch-
OR
ciscocatalyst_3850-48u-lMatch-
OR
ciscocatalyst_3850-48u-sMatch-
OR
ciscocatalyst_3850-48xs-eMatch-
OR
ciscocatalyst_3850-48xs-f-eMatch-
OR
ciscocatalyst_3850-48xs-f-sMatch-
OR
ciscocatalyst_3850-48xs-sMatch-
OR
ciscocatalyst_9200Match-
OR
ciscocatalyst_9200cxMatch-
OR
ciscocatalyst_9200lMatch-
OR
ciscocatalyst_9300Match-
OR
ciscocatalyst_9300lMatch-
OR
ciscocatalyst_9300lmMatch-
OR
ciscocatalyst_9300xMatch-
OR
ciscocatalyst_9400Match-
OR
ciscocatalyst_9500Match-
OR
ciscocatalyst_9500hMatch-
OR
ciscocatalyst_9600Match-
OR
ciscocatalyst_9600xMatch-
OR
ciscocatalyst_c3850-12x48u-eMatch-
OR
ciscocatalyst_c3850-12x48u-lMatch-
OR
ciscocatalyst_c3850-12x48u-sMatch-
Node
ciscomeraki_ms390_firmwareMatch-
AND
ciscomeraki_ms390Match-
Node
ciscomeraki_ms210_firmwareMatch-
AND
ciscomeraki_ms210Match-
Node
ciscomeraki_ms225_firmwareMatch-
AND
ciscomeraki_ms225Match-
Node
ciscomeraki_ms250_firmwareMatch-
AND
ciscomeraki_ms250Match-
Node
ciscomeraki_ms350_firmwareMatch-
AND
ciscomeraki_ms350Match-
Node
ciscomeraki_ms355_firmwareMatch-
AND
ciscomeraki_ms355Match-
Node
ciscomeraki_ms410_firmwareMatch-
AND
ciscomeraki_ms410Match-
Node
ciscomeraki_ms420_firmwareMatch-
AND
ciscomeraki_ms420Match-
Node
ciscomeraki_ms425_firmwareMatch-
AND
ciscomeraki_ms425Match-
Node
ciscomeraki_ms450_firmwareMatch-
AND
ciscomeraki_ms450Match-
Node
cisconexus_93180yc-ex_firmwareMatch9.3\(5\)
AND
cisconexus_93180yc-exMatch-
Node
cisconexus_93180yc-fx_firmwareMatch9.3\(5\)
AND
cisconexus_93180yc-fxMatch-
Node
cisconexus_93180yc-fx3_firmwareMatch9.3\(5\)
AND
cisconexus_93180yc-fx3Match-
Node
cisconexus_93240yc-fx2_firmwareMatch9.3\(5\)
AND
cisconexus_93240yc-fx2Match-
Node
cisconexus_93360yc-fx2_firmwareMatch9.3\(5\)
AND
cisconexus_93360yc-fx2Match-
Node
cisconexus_93120tx_firmwareMatch9.3\(5\)
AND
cisconexus_93120txMatch-
Node
cisconexus_93108tc-ex_firmwareMatch9.3\(5\)
AND
cisconexus_93108tc-exMatch-
Node
cisconexus_9348gc-fxp_firmwareMatch9.3\(5\)
AND
cisconexus_9348gc-fxpMatch-
Node
cisconexus_93108tc-fx_firmwareMatch9.3\(5\)
AND
cisconexus_93108tc-fxMatch-
Node
cisconexus_93108tc-fx3p_firmwareMatch9.3\(5\)
AND
cisconexus_93108tc-fx3pMatch-
Node
cisconexus_93216tc-fx2_firmwareMatch9.3\(5\)
AND
cisconexus_93216tc-fx2Match-
Node
ciscon9k-c9316d-gx_firmwareMatch9.3\(5\)
AND
ciscon9k-c9316d-gxMatch-
Node
ciscon9k-c93600cd-gx_firmwareMatch9.3\(5\)
AND
ciscon9k-c93600cd-gxMatch-
Node
ciscon9k-c9332d-gx2b_firmwareMatch9.3\(5\)
AND
ciscon9k-c9332d-gx2bMatch-
Node
ciscon9k-c9348d-gx2a_firmwareMatch9.3\(5\)
AND
ciscon9k-c9348d-gx2aMatch-
Node
ciscon9k-c9364d-gx2a_firmwareMatch9.3\(5\)
AND
ciscon9k-c9364d-gx2aMatch-
Node
ciscon9k-x97160yc-ex_firmwareMatch9.3\(5\)
AND
ciscon9k-x97160yc-exMatch-
Node
ciscon9k-x9788tc-fx_firmwareMatch9.3\(5\)
AND
ciscon9k-x9788tc-fxMatch-
Node
ciscon9k-x9564px_firmwareMatch9.3\(5\)
AND
ciscon9k-x9564pxMatch-
Node
ciscon9k-x9464px_firmwareMatch9.3\(5\)
AND
ciscon9k-x9464pxMatch-
Node
ciscon9k-x9564tx_firmwareMatch9.3\(5\)
AND
ciscon9k-x9564txMatch-
Node
ciscon9k-x9464tx2_firmwareMatch9.3\(5\)
AND
ciscon9k-x9464tx2Match-
Node
cisconexus_9636pq_firmwareMatch9.3\(5\)
AND
cisconexus_9636pqMatch-
Node
cisconexus_x9636q-r_firmwareMatch9.3\(5\)
AND
cisconexus_x9636q-rMatch-
Node
cisconexus_9536pq_firmwareMatch9.3\(5\)
AND
cisconexus_9536pqMatch-
Node
cisconexus_9432pq_firmwareMatch9.3\(5\)
AND
cisconexus_9432pqMatch-
Node
cisconexus_9736pq_firmwareMatch9.3\(5\)
AND
cisconexus_9736pqMatch-
Node
ciscon9k-x9736c-fx_firmwareMatch9.3\(5\)
AND
ciscon9k-x9736c-fxMatch-
Node
ciscon9k-x9732c-ex_firmwareMatch9.3\(5\)
AND
ciscon9k-x9732c-exMatch-
Node
ciscon9k-x9732c-fx_firmwareMatch9.3\(5\)
AND
ciscon9k-x9732c-fxMatch-
Node
ciscon9k-x9736c-ex_firmwareMatch9.3\(5\)
AND
ciscon9k-x9736c-exMatch-
Node
ciscon9k-x9636c-rx_firmwareMatch9.3\(5\)
AND
ciscon9k-x9636c-rxMatch-
Node
ciscon9k-x9636c-r_firmwareMatch9.3\(5\)
AND
ciscon9k-x9636c-rMatch-
Node
ciscon9k-x9432c-s_firmwareMatch9.3\(5\)
AND
ciscon9k-x9432c-sMatch-
Node
cisconexus_9716d-gx_firmwareMatch9.3\(5\)
AND
cisconexus_9716d-gxMatch-
Node
cisconexus_9504_firmwareMatch9.3\(5\)
AND
cisconexus_9504Match-
Node
cisconexus_9508_firmwareMatch9.3\(5\)
AND
cisconexus_9508Match-
Node
cisconexus_9516_firmwareMatch9.3\(5\)
AND
cisconexus_9516Match-
Node
cisconexus_92160yc-x_firmwareMatch9.3\(5\)
AND
cisconexus_92160yc-xMatch-
Node
cisconexus_9272q_firmwareMatch9.3\(5\)
AND
cisconexus_9272qMatch-
Node
cisconexus_92304qc_firmwareMatch9.3\(5\)
AND
cisconexus_92304qcMatch-
Node
cisconexus_9236c_firmwareMatch9.3\(5\)
AND
cisconexus_9236cMatch-
Node
cisconexus_92300yc_firmwareMatch9.3\(5\)
AND
cisconexus_92300ycMatch-
Node
cisconexus_92348gc-x_firmwareMatch9.3\(5\)
AND
cisconexus_92348gc-xMatch-
Node
cisconexus_9364c_firmwareMatch9.3\(5\)
AND
cisconexus_9364cMatch-
Node
cisconexus_9336c-fx2_firmwareMatch9.3\(5\)
AND
cisconexus_9336c-fx2Match-
Node
cisconexus_9336c-fx2-e_firmwareMatch9.3\(5\)
AND
cisconexus_9336c-fx2-eMatch-
Node
cisconexus_9332c_firmwareMatch9.3\(5\)
AND
cisconexus_9332cMatch-
Node
cisconexus_9364c-gx_firmwareMatch9.3\(5\)
AND
cisconexus_9364c-gxMatch-
Node
cisconexus_9800_firmwareMatch9.3\(5\)
AND
cisconexus_9800Match-
Node
ciscosf500-24_firmwareMatch3.0.0.61
AND
ciscosf500-24Match-
Node
ciscosf-500-24mp_firmwareMatch3.0.0.61
AND
ciscosf-500-24mpMatch-
Node
ciscosf500-24p_firmwareMatch3.0.0.61
AND
ciscosf500-24pMatch-
Node
ciscosf500-48_firmwareMatch3.0.0.61
AND
ciscosf500-48Match-
Node
ciscosf500-48mp_firmwareMatch3.0.0.61
AND
ciscosf500-48mpMatch-
Node
ciscosf500-18p_firmwareMatch3.0.0.61
AND
ciscosf500-18pMatch-
Node
ciscosg500-28_firmwareMatch3.0.0.61
AND
ciscosg500-28Match-
Node
ciscosg500-28mpp_firmwareMatch3.0.0.61
AND
ciscosg500-28mppMatch-
Node
ciscosg500-28p_firmwareMatch3.0.0.61
AND
ciscosg500-28pMatch-
Node
ciscosg500-52_firmwareMatch3.0.0.61
AND
ciscosg500-52Match-
Node
ciscosg500-52mp_firmwareMatch3.0.0.61
AND
ciscosg500-52mpMatch-
Node
ciscosg500-52p_firmwareMatch3.0.0.61
AND
ciscosg500-52pMatch-
Node
ciscosg500x-24_firmwareMatch3.0.0.61
AND
ciscosg500x-24Match-
Node
ciscosg500x-24mpp_firmwareMatch3.0.0.61
AND
ciscosg500x-24mppMatch-
Node
ciscosg500x-24p_firmwareMatch3.0.0.61
AND
ciscosg500x-24pMatch-
Node
ciscosg500x-48_firmwareMatch3.0.0.61
AND
ciscosg500x-48Match-
Node
ciscosg500x-48mpp_firmwareMatch3.0.0.61
AND
ciscosg500x-48mppMatch-
Node
ciscosg500x-48p_firmwareMatch3.0.0.61
AND
ciscosg500x-48pMatch-

CNA Affected

[
  {
    "vendor": "IEEE",
    "product": "802.2",
    "versions": [
      {
        "version": "802.2h-1997",
        "status": "affected",
        "lessThanOrEqual": "802.2h-1997",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "IETF",
    "product": "draft-ietf-v6ops-ra-guard",
    "versions": [
      {
        "version": "08",
        "status": "affected",
        "lessThanOrEqual": "08",
        "versionType": "custom"
      }
    ]
  },
  {
    "vendor": "IETF",
    "product": "P802.1Q",
    "versions": [
      {
        "version": "D1.0",
        "status": "affected",
        "lessThanOrEqual": "D1.0",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

nvd 1
prion 1
cvelist 1
redhatcve 1
f5 1
cisco 1
arista 1
cert 1
nvd
nvd
CVE-2021-27853
2022-09-27 18:15:09
prion
prion
Design/Logic Flaw
2022-09-27 18:15:00
cvelist
cvelist
CVE-2021-27853 L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers
2022-09-27 00:00:00
redhatcve
redhatcve
CVE-2021-27853
2022-10-02 16:18:58
f5
f5
K45012151 : Layer 2 security bypass issue CVE-2021-27861, CVE-2021-27862, CVE-2021-27853, CVE-2021-27854
2022-12-09 00:00:00
cisco
cisco
Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022
2022-09-27 16:00:00
arista
arista
Security Advisory 0080
2023-09-28 00:00:00
cert
cert
L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers
2022-09-27 00:00:00

4.7 Medium

CVSS3

Attack Vector

ADJACENT

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

4.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

26.6%

JSON
Related for CVE-2021-27853
nvd1prion1cvelist1redhatcve1f51cisco1arista1cert1