CVE-2021-27853

MEDIUM

Published Sep 27, 20223y ago · Modified Jun 17, 20261w ago

4.7 CVSS 3.1

Medium

Published Sep 27, 2022 3y ago

Last Modified Jun 17, 2026 1w ago

Description

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

CVSS Details

Base Score

4.7

Exploitability

2.8

Impact

1.4

Vector string

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Attack Vector Adjacent

Attack Complexity Low

Privileges Required None

User Interaction None

Scope Changed

Confidentiality None

Integrity Low

Availability None

Threat Intelligence

No active exploitation signals — not in CISA KEV and no EPSS score yet.

Exploit & Patch Status

Public Exploit Known

No Patch Available

Weaknesses 1

CWE-290

Affected Products 312

Vendor	Product	Version	Range
ieee	ieee_802.2	*	≤802.2h-1997
ietf	p802.1q	*	≤d1.0
cisco	catalyst_6503-e_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6503-e	*	any
cisco	catalyst_6504-e_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6504-e	*	any
cisco	catalyst_6506-e_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6506-e	*	any
cisco	catalyst_6509-e_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6509-e	*	any
cisco	catalyst_6509-neb-a_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6509-neb-a	*	any
cisco	catalyst_6509-v-e_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6509-v-e	*	any
cisco	catalyst_6513-e_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6513-e	*	any
cisco	catalyst_6807-xl_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6807-xl	*	any
cisco	catalyst_6840-x_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6840-x	*	any
cisco	catalyst_6880-x_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6880-x	*	any
cisco	catalyst_c6816-x-le_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_c6816-x-le	*	any
cisco	catalyst_c6824-x-le-40g_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_c6824-x-le-40g	*	any
cisco	catalyst_c6832-x-le_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_c6832-x-le	*	any
cisco	catalyst_c6840-x-le-40g_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_c6840-x-le-40g	*	any
cisco	catalyst_6800ia_firmware	15.5\(01.01.85\)sy07	any
cisco	catalyst_6800ia	*	any
cisco	ios_xe	17.3.3	any
cisco	ios_xe	15.2\(07\)e02	any
cisco	ios_xe	15.2\(07\)e03	any
cisco	ios_xe	17.4.1	any
cisco	ios_xe	17.6.1	any
cisco	catalyst_3650-12x48fd-e	*	any
cisco	catalyst_3650-12x48fd-l	*	any
cisco	catalyst_3650-12x48fd-s	*	any
cisco	catalyst_3650-12x48uq-e	*	any
cisco	catalyst_3650-12x48uq-l	*	any
cisco	catalyst_3650-12x48uq-s	*	any
cisco	catalyst_3650-12x48ur-e	*	any
cisco	catalyst_3650-12x48ur-l	*	any
cisco	catalyst_3650-12x48ur-s	*	any
cisco	catalyst_3650-12x48uz-e	*	any
cisco	catalyst_3650-12x48uz-l	*	any
cisco	catalyst_3650-12x48uz-s	*	any
cisco	catalyst_3650-24pd-e	*	any
cisco	catalyst_3650-24pd-l	*	any
cisco	catalyst_3650-24pd-s	*	any
cisco	catalyst_3650-24pdm-e	*	any
cisco	catalyst_3650-24pdm-l	*	any
cisco	catalyst_3650-24pdm-s	*	any
cisco	catalyst_3650-24ps-e	*	any
cisco	catalyst_3650-24ps-l	*	any
cisco	catalyst_3650-24ps-s	*	any
cisco	catalyst_3650-24td-e	*	any
cisco	catalyst_3650-24td-l	*	any
cisco	catalyst_3650-24td-s	*	any
cisco	catalyst_3650-24ts-e	*	any
cisco	catalyst_3650-24ts-l	*	any
cisco	catalyst_3650-24ts-s	*	any
cisco	catalyst_3650-48fd-e	*	any
cisco	catalyst_3650-48fd-l	*	any
cisco	catalyst_3650-48fd-s	*	any
cisco	catalyst_3650-48fq-e	*	any
cisco	catalyst_3650-48fq-l	*	any
cisco	catalyst_3650-48fq-s	*	any
cisco	catalyst_3650-48fqm-e	*	any
cisco	catalyst_3650-48fqm-l	*	any
cisco	catalyst_3650-48fqm-s	*	any
cisco	catalyst_3650-48fs-e	*	any
cisco	catalyst_3650-48fs-l	*	any
cisco	catalyst_3650-48fs-s	*	any
cisco	catalyst_3650-48pd-e	*	any
cisco	catalyst_3650-48pd-l	*	any
cisco	catalyst_3650-48pd-s	*	any
cisco	catalyst_3650-48pq-e	*	any
cisco	catalyst_3650-48pq-l	*	any
cisco	catalyst_3650-48pq-s	*	any
cisco	catalyst_3650-48ps-e	*	any
cisco	catalyst_3650-48ps-l	*	any
cisco	catalyst_3650-48ps-s	*	any
cisco	catalyst_3650-48td-e	*	any
cisco	catalyst_3650-48td-l	*	any
cisco	catalyst_3650-48td-s	*	any
cisco	catalyst_3650-48tq-e	*	any
cisco	catalyst_3650-48tq-l	*	any
cisco	catalyst_3650-48tq-s	*	any
cisco	catalyst_3650-48ts-e	*	any
cisco	catalyst_3650-48ts-l	*	any
cisco	catalyst_3650-48ts-s	*	any
cisco	catalyst_3650-8x24pd-e	*	any
cisco	catalyst_3650-8x24pd-l	*	any
cisco	catalyst_3650-8x24pd-s	*	any
cisco	catalyst_3650-8x24uq-e	*	any
cisco	catalyst_3650-8x24uq-l	*	any
cisco	catalyst_3650-8x24uq-s	*	any
cisco	catalyst_3850-12s-e	*	any
cisco	catalyst_3850-12s-s	*	any
cisco	catalyst_3850-12xs-e	*	any
cisco	catalyst_3850-12xs-s	*	any
cisco	catalyst_3850-16xs-e	*	any
cisco	catalyst_3850-16xs-s	*	any
cisco	catalyst_3850-24p-e	*	any
cisco	catalyst_3850-24p-l	*	any
cisco	catalyst_3850-24pw-s	*	any
cisco	catalyst_3850-24s-e	*	any
cisco	catalyst_3850-24s-s	*	any
cisco	catalyst_3850-24t-e	*	any
cisco	catalyst_3850-24t-l	*	any
cisco	catalyst_3850-24t-s	*	any
cisco	catalyst_3850-24u-e	*	any
cisco	catalyst_3850-24u-l	*	any
cisco	catalyst_3850-24u-s	*	any
cisco	catalyst_3850-24xs-e	*	any
cisco	catalyst_3850-24xs-s	*	any
cisco	catalyst_3850-24xu-e	*	any
cisco	catalyst_3850-24xu-l	*	any
cisco	catalyst_3850-24xu-s	*	any
cisco	catalyst_3850-32xs-e	*	any
cisco	catalyst_3850-32xs-s	*	any
cisco	catalyst_3850-48f-e	*	any
cisco	catalyst_3850-48f-l	*	any
cisco	catalyst_3850-48f-s	*	any
cisco	catalyst_3850-48p-e	*	any
cisco	catalyst_3850-48p-l	*	any
cisco	catalyst_3850-48p-s	*	any
cisco	catalyst_3850-48pw-s	*	any
cisco	catalyst_3850-48t-e	*	any
cisco	catalyst_3850-48t-l	*	any
cisco	catalyst_3850-48t-s	*	any
cisco	catalyst_3850-48u-e	*	any
cisco	catalyst_3850-48u-l	*	any
cisco	catalyst_3850-48u-s	*	any
cisco	catalyst_3850-48xs-e	*	any
cisco	catalyst_3850-48xs-f-e	*	any
cisco	catalyst_3850-48xs-f-s	*	any
cisco	catalyst_3850-48xs-s	*	any
cisco	catalyst_9200	*	any
cisco	catalyst_9200cx	*	any
cisco	catalyst_9200l	*	any
cisco	catalyst_9300	*	any
cisco	catalyst_9300l	*	any
cisco	catalyst_9300lm	*	any
cisco	catalyst_9300x	*	any
cisco	catalyst_9400	*	any
cisco	catalyst_9500	*	any
cisco	catalyst_9500h	*	any
cisco	catalyst_9600	*	any
cisco	catalyst_9600x	*	any
cisco	catalyst_c3850-12x48u-e	*	any
cisco	catalyst_c3850-12x48u-l	*	any
cisco	catalyst_c3850-12x48u-s	*	any
cisco	meraki_ms390_firmware	*	any
cisco	meraki_ms390	*	any
cisco	meraki_ms210_firmware	*	any
cisco	meraki_ms210	*	any
cisco	meraki_ms225_firmware	*	any
cisco	meraki_ms225	*	any
cisco	meraki_ms250_firmware	*	any
cisco	meraki_ms250	*	any
cisco	meraki_ms350_firmware	*	any
cisco	meraki_ms350	*	any
cisco	meraki_ms355_firmware	*	any
cisco	meraki_ms355	*	any
cisco	meraki_ms410_firmware	*	any
cisco	meraki_ms410	*	any
cisco	meraki_ms420_firmware	*	any
cisco	meraki_ms420	*	any
cisco	meraki_ms425_firmware	*	any
cisco	meraki_ms425	*	any
cisco	meraki_ms450_firmware	*	any
cisco	meraki_ms450	*	any
cisco	nexus_93180yc-ex_firmware	9.3\(5\)	any
cisco	nexus_93180yc-ex	*	any
cisco	nexus_93180yc-fx_firmware	9.3\(5\)	any
cisco	nexus_93180yc-fx	*	any
cisco	nexus_93180yc-fx3_firmware	9.3\(5\)	any
cisco	nexus_93180yc-fx3	*	any
cisco	nexus_93240yc-fx2_firmware	9.3\(5\)	any
cisco	nexus_93240yc-fx2	*	any
cisco	nexus_93360yc-fx2_firmware	9.3\(5\)	any
cisco	nexus_93360yc-fx2	*	any
cisco	nexus_93120tx_firmware	9.3\(5\)	any
cisco	nexus_93120tx	*	any
cisco	nexus_93108tc-ex_firmware	9.3\(5\)	any
cisco	nexus_93108tc-ex	*	any
cisco	nexus_9348gc-fxp_firmware	9.3\(5\)	any
cisco	nexus_9348gc-fxp	*	any
cisco	nexus_93108tc-fx_firmware	9.3\(5\)	any
cisco	nexus_93108tc-fx	*	any
cisco	nexus_93108tc-fx3p_firmware	9.3\(5\)	any
cisco	nexus_93108tc-fx3p	*	any
cisco	nexus_93216tc-fx2_firmware	9.3\(5\)	any
cisco	nexus_93216tc-fx2	*	any
cisco	n9k-c9316d-gx_firmware	9.3\(5\)	any
cisco	n9k-c9316d-gx	*	any
cisco	n9k-c93600cd-gx_firmware	9.3\(5\)	any
cisco	n9k-c93600cd-gx	*	any
cisco	n9k-c9332d-gx2b_firmware	9.3\(5\)	any
cisco	n9k-c9332d-gx2b	*	any
cisco	n9k-c9348d-gx2a_firmware	9.3\(5\)	any
cisco	n9k-c9348d-gx2a	*	any
cisco	n9k-c9364d-gx2a_firmware	9.3\(5\)	any
cisco	n9k-c9364d-gx2a	*	any
cisco	n9k-x97160yc-ex_firmware	9.3\(5\)	any
cisco	n9k-x97160yc-ex	*	any
cisco	n9k-x9788tc-fx_firmware	9.3\(5\)	any
cisco	n9k-x9788tc-fx	*	any
cisco	n9k-x9564px_firmware	9.3\(5\)	any
cisco	n9k-x9564px	*	any
cisco	n9k-x9464px_firmware	9.3\(5\)	any
cisco	n9k-x9464px	*	any
cisco	n9k-x9564tx_firmware	9.3\(5\)	any
cisco	n9k-x9564tx	*	any
cisco	n9k-x9464tx2_firmware	9.3\(5\)	any
cisco	n9k-x9464tx2	*	any
cisco	nexus_9636pq_firmware	9.3\(5\)	any
cisco	nexus_9636pq	*	any
cisco	nexus_x9636q-r_firmware	9.3\(5\)	any
cisco	nexus_x9636q-r	*	any
cisco	nexus_9536pq_firmware	9.3\(5\)	any
cisco	nexus_9536pq	*	any
cisco	nexus_9432pq_firmware	9.3\(5\)	any
cisco	nexus_9432pq	*	any
cisco	nexus_9736pq_firmware	9.3\(5\)	any
cisco	nexus_9736pq	*	any
cisco	n9k-x9736c-fx_firmware	9.3\(5\)	any
cisco	n9k-x9736c-fx	*	any
cisco	n9k-x9732c-ex_firmware	9.3\(5\)	any
cisco	n9k-x9732c-ex	*	any
cisco	n9k-x9732c-fx_firmware	9.3\(5\)	any
cisco	n9k-x9732c-fx	*	any
cisco	n9k-x9736c-ex_firmware	9.3\(5\)	any
cisco	n9k-x9736c-ex	*	any
cisco	n9k-x9636c-rx_firmware	9.3\(5\)	any
cisco	n9k-x9636c-rx	*	any
cisco	n9k-x9636c-r_firmware	9.3\(5\)	any
cisco	n9k-x9636c-r	*	any
cisco	n9k-x9432c-s_firmware	9.3\(5\)	any
cisco	n9k-x9432c-s	*	any
cisco	nexus_9716d-gx_firmware	9.3\(5\)	any
cisco	nexus_9716d-gx	*	any
cisco	nexus_9504_firmware	9.3\(5\)	any
cisco	nexus_9504	*	any
cisco	nexus_9508_firmware	9.3\(5\)	any
cisco	nexus_9508	*	any
cisco	nexus_9516_firmware	9.3\(5\)	any
cisco	nexus_9516	*	any
cisco	nexus_92160yc-x_firmware	9.3\(5\)	any
cisco	nexus_92160yc-x	*	any
cisco	nexus_9272q_firmware	9.3\(5\)	any
cisco	nexus_9272q	*	any
cisco	nexus_92304qc_firmware	9.3\(5\)	any
cisco	nexus_92304qc	*	any
cisco	nexus_9236c_firmware	9.3\(5\)	any
cisco	nexus_9236c	*	any
cisco	nexus_92300yc_firmware	9.3\(5\)	any
cisco	nexus_92300yc	*	any
cisco	nexus_92348gc-x_firmware	9.3\(5\)	any
cisco	nexus_92348gc-x	*	any
cisco	nexus_9364c_firmware	9.3\(5\)	any
cisco	nexus_9364c	*	any
cisco	nexus_9336c-fx2_firmware	9.3\(5\)	any
cisco	nexus_9336c-fx2	*	any
cisco	nexus_9336c-fx2-e_firmware	9.3\(5\)	any
cisco	nexus_9336c-fx2-e	*	any
cisco	nexus_9332c_firmware	9.3\(5\)	any
cisco	nexus_9332c	*	any
cisco	nexus_9364c-gx_firmware	9.3\(5\)	any
cisco	nexus_9364c-gx	*	any
cisco	nexus_9800_firmware	9.3\(5\)	any
cisco	nexus_9800	*	any
cisco	sf500-24_firmware	3.0.0.61	any
cisco	sf500-24	*	any
cisco	sf-500-24mp_firmware	3.0.0.61	any
cisco	sf-500-24mp	*	any
cisco	sf500-24p_firmware	3.0.0.61	any
cisco	sf500-24p	*	any
cisco	sf500-48_firmware	3.0.0.61	any
cisco	sf500-48	*	any
cisco	sf500-48mp_firmware	3.0.0.61	any
cisco	sf500-48mp	*	any
cisco	sf500-18p_firmware	3.0.0.61	any
cisco	sf500-18p	*	any
cisco	sg500-28_firmware	3.0.0.61	any
cisco	sg500-28	*	any
cisco	sg500-28mpp_firmware	3.0.0.61	any
cisco	sg500-28mpp	*	any
cisco	sg500-28p_firmware	3.0.0.61	any
cisco	sg500-28p	*	any
cisco	sg500-52_firmware	3.0.0.61	any
cisco	sg500-52	*	any
cisco	sg500-52mp_firmware	3.0.0.61	any
cisco	sg500-52mp	*	any
cisco	sg500-52p_firmware	3.0.0.61	any
cisco	sg500-52p	*	any
cisco	sg500x-24_firmware	3.0.0.61	any
cisco	sg500x-24	*	any
cisco	sg500x-24mpp_firmware	3.0.0.61	any
cisco	sg500x-24mpp	*	any
cisco	sg500x-24p_firmware	3.0.0.61	any
cisco	sg500x-24p	*	any
cisco	sg500x-48_firmware	3.0.0.61	any
cisco	sg500x-48	*	any
cisco	sg500x-48mpp_firmware	3.0.0.61	any
cisco	sg500x-48mpp	*	any
cisco	sg500x-48p_firmware	3.0.0.61	any
cisco	sg500x-48p	*	any

References 7

blog.champtar.fr https://blog.champtar.fr/VLAN0_LLC_SNAP/

ExploitThird Party Advisory
datatracker.ietf.org https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

Technical DescriptionThird Party Advisory
kb.cert.org https://kb.cert.org/vuls/id/855201

Third Party AdvisoryUS Government Resource
standards.ieee.org https://standards.ieee.org/ieee/802.1Q/10323/

Vendor Advisory
standards.ieee.org https://standards.ieee.org/ieee/802.2/1048/

Vendor Advisory
tools.cisco.com https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

Third Party Advisory
kb.cert.org https://www.kb.cert.org/vuls/id/855201

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.