CVE-2021-27854

L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation

CVSS 4.7 MEDIUMEPSS 0.7%CWE-290

In short

Network devices can be tricked into allowing blocked traffic by using special frame combinations with VLAN 0 headers and format conversions between Ethernet and WiFi. This bypasses security filters meant to prevent dangerous network messages.

Technical detail

Layer 2 filtering mechanisms (e.g., IPv6 RA guard) can be circumvented by crafting frames with stacked VLAN 0 tags, LLC/SNAP encapsulation, and exploiting Ethernet-to-WiFi frame translation asymmetries. The attack requires network access to transmit crafted frames and affects devices relying on L2-based security policies.

Summary generated and translated by AI from the official description.

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Affected products

IEEE · 802.2 IETF · draft-ietf-v6ops-ra-guard IETF · P802.1Q

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://blog.champtar.fr/VLAN0_LLC_SNAP/https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323/https://standards.ieee.org/ieee/802.2/1048/https://www.kb.cert.org/vuls/id/855201