CVE-2021-27862

low-risk

Published 2022-09-27

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

Do I need to act?

0.09% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.7/10 Medium

ADJACENT_NETWORK / LOW complexity

Affected Products (2)

Ieee 802.2

P802.1Q

Affected Vendors

Ieee Ietf

References (9)

https://blog.champtar.fr/VLAN0_LLC_SNAP/

Vendor Advisory https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

https://kb.cert.org/vuls/id/855201

Vendor Advisory https://standards.ieee.org/ieee/802.2/1048/

https://blog.champtar.fr/VLAN0_LLC_SNAP/

Vendor Advisory https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

https://kb.cert.org/vuls/id/855201

Vendor Advisory https://standards.ieee.org/ieee/802.2/1048/

https://www.kb.cert.org/vuls/id/855201

/ 100

low-risk

Severity 16/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 7/34 · Low