CVE-2021-27853
MEDIUMIEEE 802.2 < 802.2h-1997 - Authentication Bypass via VLAN 0 and LLC/SNAP Header Spoofing
Title source: llmDescription
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
References (7)
Core 7
Core References
Third Party Advisory vendor-advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX
Exploit, Third Party Advisory
https://blog.champtar.fr/VLAN0_LLC_SNAP/
Technical Description, Third Party Advisory
https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/
Third Party Advisory, US Government Resource
https://kb.cert.org/vuls/id/855201
Vendor Advisory
https://standards.ieee.org/ieee/802.1Q/10323/
Vendor Advisory
https://standards.ieee.org/ieee/802.2/1048/
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/855201
Scores
CVSS v3
4.7
EPSS
0.0011
EPSS Percentile
28.7%
Attack Vector
ADJACENT_NETWORK
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-290
Status
published
Products (50)
cisco/catalyst_6503-e_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6504-e_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6506-e_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6509-e_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6509-neb-a_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6509-v-e_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6513-e_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6800ia_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6807-xl_firmware
15.5\(01.01.85\)sy07
cisco/catalyst_6840-x_firmware
15.5\(01.01.85\)sy07
... and 40 more
Published
Sep 27, 2022
Tracked Since
Feb 18, 2026