CVE-2021-27853

4.7 MEDIUM

Published: September 27, 2022 Modified: November 04, 2025

Description

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://blog.champtar.fr/VLAN0_LLC_SNAP/

Source: cret@cert.org

Exploit Third Party Advisory

https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

Source: cret@cert.org

Technical Description Third Party Advisory

https://kb.cert.org/vuls/id/855201

Source: cret@cert.org

Third Party Advisory US Government Resource

https://standards.ieee.org/ieee/802.1Q/10323/

Source: cret@cert.org

Vendor Advisory

https://standards.ieee.org/ieee/802.2/1048/

Source: cret@cert.org

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX

Source: cret@cert.org

Third Party Advisory

https://blog.champtar.fr/VLAN0_LLC_SNAP/