On September 27, 2022, the following vulnerabilities affecting Cisco products were disclosed by Cert/CC as part of VU855201, titled L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers: CVE-2021-27853: Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using a combination of VLAN 0 headers and LLC/SNAP headers. CVE-2021-27854: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using a combination of VLAN 0 headers, LLC/SNAP headers in Ethernet to Wifi frame translation, and in the reverse-Wifi to Ethernet. CVE-2021-27861: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers). CVE-2021-27862: Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). Exploitation of these vulnerabilities could allow an adjacent malicious user to bypass configured first-hop security (FHS) features on the affected Cisco products. For more information about these vulnerabilities, see the Details section of this advisory. This advisory is available at the following link: sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
ieee ieee 802.2 |
||
ietf p802.1q |
||
cisco catalyst_6503-e_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6504-e_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6506-e_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6509-e_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6509-neb-a_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6509-v-e_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6513-e_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6807-xl_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6840-x_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6880-x_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_c6816-x-le_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_c6824-x-le-40g_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_c6832-x-le_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_c6840-x-le-40g_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco catalyst_6800ia_firmware 15.5\\(01.01.85\\)sy07 |
||
cisco ios_xe 17.4.1 |
||
cisco ios_xe 17.6.1 |
||
cisco ios_xe 17.3.3 |
||
cisco ios_xe 15.2\\(07\\)e03 |
||
cisco ios_xe 15.2\\(07\\)e02 |
||
cisco meraki_ms390_firmware - |
||
cisco meraki_ms210_firmware - |
||
cisco meraki_ms225_firmware - |
||
cisco meraki_ms250_firmware - |
||
cisco meraki_ms350_firmware - |
||
cisco meraki_ms355_firmware - |
||
cisco meraki_ms410_firmware - |
||
cisco meraki_ms420_firmware - |
||
cisco meraki_ms425_firmware - |
||
cisco meraki_ms450_firmware - |
||
cisco nexus_93180yc-ex_firmware 9.3\\(5\\) |
||
cisco nexus_93180yc-fx_firmware 9.3\\(5\\) |
||
cisco nexus_93180yc-fx3_firmware 9.3\\(5\\) |
||
cisco nexus_93240yc-fx2_firmware 9.3\\(5\\) |
||
cisco nexus_93360yc-fx2_firmware 9.3\\(5\\) |
||
cisco nexus_93120tx_firmware 9.3\\(5\\) |
||
cisco nexus_93108tc-ex_firmware 9.3\\(5\\) |
||
cisco nexus_9348gc-fxp_firmware 9.3\\(5\\) |
||
cisco nexus_93108tc-fx_firmware 9.3\\(5\\) |
||
cisco nexus_93108tc-fx3p_firmware 9.3\\(5\\) |
||
cisco nexus_93216tc-fx2_firmware 9.3\\(5\\) |
||
cisco n9k-c9316d-gx_firmware 9.3\\(5\\) |
||
cisco n9k-c93600cd-gx_firmware 9.3\\(5\\) |
||
cisco n9k-c9332d-gx2b_firmware 9.3\\(5\\) |
||
cisco n9k-c9348d-gx2a_firmware 9.3\\(5\\) |
||
cisco n9k-c9364d-gx2a_firmware 9.3\\(5\\) |
||
cisco n9k-x97160yc-ex_firmware 9.3\\(5\\) |
||
cisco n9k-x9788tc-fx_firmware 9.3\\(5\\) |
||
cisco n9k-x9564px_firmware 9.3\\(5\\) |
||
cisco n9k-x9464px_firmware 9.3\\(5\\) |
||
cisco n9k-x9564tx_firmware 9.3\\(5\\) |
||
cisco n9k-x9464tx2_firmware 9.3\\(5\\) |
||
cisco nexus_9636pq_firmware 9.3\\(5\\) |
||
cisco nexus_x9636q-r_firmware 9.3\\(5\\) |
||
cisco nexus_9536pq_firmware 9.3\\(5\\) |
||
cisco nexus_9432pq_firmware 9.3\\(5\\) |
||
cisco nexus_9736pq_firmware 9.3\\(5\\) |
||
cisco n9k-x9736c-fx_firmware 9.3\\(5\\) |
||
cisco n9k-x9732c-ex_firmware 9.3\\(5\\) |
||
cisco n9k-x9732c-fx_firmware 9.3\\(5\\) |
||
cisco n9k-x9736c-ex_firmware 9.3\\(5\\) |
||
cisco n9k-x9636c-rx_firmware 9.3\\(5\\) |
||
cisco n9k-x9636c-r_firmware 9.3\\(5\\) |
||
cisco n9k-x9432c-s_firmware 9.3\\(5\\) |
||
cisco nexus_9716d-gx_firmware 9.3\\(5\\) |
||
cisco nexus_9504_firmware 9.3\\(5\\) |
||
cisco nexus_9508_firmware 9.3\\(5\\) |
||
cisco nexus_9516_firmware 9.3\\(5\\) |
||
cisco nexus_92160yc-x_firmware 9.3\\(5\\) |
||
cisco nexus_9272q_firmware 9.3\\(5\\) |
||
cisco nexus_92304qc_firmware 9.3\\(5\\) |
||
cisco nexus_9236c_firmware 9.3\\(5\\) |
||
cisco nexus_92300yc_firmware 9.3\\(5\\) |
||
cisco nexus_92348gc-x_firmware 9.3\\(5\\) |
||
cisco nexus_9364c_firmware 9.3\\(5\\) |
||
cisco nexus_9336c-fx2_firmware 9.3\\(5\\) |
||
cisco nexus_9336c-fx2-e_firmware 9.3\\(5\\) |
||
cisco nexus_9332c_firmware 9.3\\(5\\) |
||
cisco nexus_9364c-gx_firmware 9.3\\(5\\) |
||
cisco nexus_9800_firmware 9.3\\(5\\) |
||
cisco sf500-24_firmware 3.0.0.61 |
||
cisco sf-500-24mp_firmware 3.0.0.61 |
||
cisco sf500-24p_firmware 3.0.0.61 |
||
cisco sf500-48_firmware 3.0.0.61 |
||
cisco sf500-48mp_firmware 3.0.0.61 |
||
cisco sf500-18p_firmware 3.0.0.61 |
||
cisco sg500-28_firmware 3.0.0.61 |
||
cisco sg500-28mpp_firmware 3.0.0.61 |
||
cisco sg500-28p_firmware 3.0.0.61 |
||
cisco sg500-52_firmware 3.0.0.61 |
||
cisco sg500-52mp_firmware 3.0.0.61 |
||
cisco sg500-52p_firmware 3.0.0.61 |
||
cisco sg500x-24_firmware 3.0.0.61 |
||
cisco sg500x-24mpp_firmware 3.0.0.61 |
||
cisco sg500x-24p_firmware 3.0.0.61 |
||
cisco sg500x-48_firmware 3.0.0.61 |
||
cisco sg500x-48mpp_firmware 3.0.0.61 |
||
cisco sg500x-48p_firmware 3.0.0.61 |
Vulmon