Vulnerabilites related to IETF - draft-ietf-v6ops-ra-guard
cve-2021-27854
Vulnerability from cvelistv5
Published
2022-09-27 18:40
Modified
2024-09-17 02:06
Severity ?
EPSS score ?
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:15.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/", }, { tags: [ "x_transferred", ], url: "https://standards.ieee.org/ieee/802.2/1048/", }, { tags: [ "x_transferred", ], url: "https://standards.ieee.org/ieee/802.1Q/10323/", }, { tags: [ "x_transferred", ], url: "https://kb.cert.org/vuls/id/855201", }, { tags: [ "x_transferred", ], url: "https://blog.champtar.fr/VLAN0_LLC_SNAP/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "P802.1Q", vendor: "IETF", versions: [ { lessThanOrEqual: "D1.0", status: "affected", version: "D1.0", versionType: "custom", }, ], }, { product: "draft-ietf-v6ops-ra-guard", vendor: "IETF", versions: [ { lessThanOrEqual: "08", status: "affected", version: "08", versionType: "custom", }, ], }, { product: "802.2", vendor: "IEEE", versions: [ { lessThanOrEqual: "802.2h-1997", status: "affected", version: "802.2h-1997", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Etienne Champetier (@champtar) <champetier.etienne@gmail.com>", }, ], datePublic: "2022-09-27T00:00:00", descriptions: [ { lang: "en", value: "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290: Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-12T00:00:00", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/", }, { url: "https://standards.ieee.org/ieee/802.2/1048/", }, { url: "https://standards.ieee.org/ieee/802.1Q/10323/", }, { url: "https://kb.cert.org/vuls/id/855201", }, { url: "https://blog.champtar.fr/VLAN0_LLC_SNAP/", }, ], source: { discovery: "EXTERNAL", }, title: "L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation", }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2021-27854", datePublished: "2022-09-27T18:40:12.738763Z", dateReserved: "2021-03-01T00:00:00", dateUpdated: "2024-09-17T02:06:05.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27853
Vulnerability from cvelistv5
Published
2022-09-27 17:55
Modified
2024-09-16 19:30
Severity ?
EPSS score ?
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:15.902Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/", }, { tags: [ "x_transferred", ], url: "https://standards.ieee.org/ieee/802.2/1048/", }, { tags: [ "x_transferred", ], url: "https://standards.ieee.org/ieee/802.1Q/10323/", }, { name: "20220927 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022", tags: [ "vendor-advisory", "x_transferred", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX", }, { tags: [ "x_transferred", ], url: "https://kb.cert.org/vuls/id/855201", }, { tags: [ "x_transferred", ], url: "https://blog.champtar.fr/VLAN0_LLC_SNAP/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "802.2", vendor: "IEEE", versions: [ { lessThanOrEqual: "802.2h-1997", status: "affected", version: "802.2h-1997", versionType: "custom", }, ], }, { product: "draft-ietf-v6ops-ra-guard", vendor: "IETF", versions: [ { lessThanOrEqual: "08", status: "affected", version: "08", versionType: "custom", }, ], }, { product: "P802.1Q", vendor: "IETF", versions: [ { lessThanOrEqual: "D1.0", status: "affected", version: "D1.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Etienne Champetier (@champtar) <champetier.etienne@gmail.com>", }, ], datePublic: "2022-09-27T00:00:00", descriptions: [ { lang: "en", value: "Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-290", description: "CWE-290: Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-12T00:00:00", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/", }, { url: "https://standards.ieee.org/ieee/802.2/1048/", }, { url: "https://standards.ieee.org/ieee/802.1Q/10323/", }, { name: "20220927 Vulnerabilities in Layer 2 Network Security Controls Affecting Cisco Products: September 2022", tags: [ "vendor-advisory", ], url: "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX", }, { url: "https://kb.cert.org/vuls/id/855201", }, { url: "https://blog.champtar.fr/VLAN0_LLC_SNAP/", }, ], source: { discovery: "EXTERNAL", }, title: "L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers", }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2021-27853", datePublished: "2022-09-27T17:55:09.203402Z", dateReserved: "2021-03-01T00:00:00", dateUpdated: "2024-09-16T19:30:07.552Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2021-27861
Vulnerability from cvelistv5
Published
2022-09-27 18:40
Modified
2024-09-16 16:47
Severity ?
EPSS score ?
Summary
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T21:33:17.074Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/", }, { tags: [ "x_transferred", ], url: "https://standards.ieee.org/ieee/802.2/1048/", }, { tags: [ "x_transferred", ], url: "https://standards.ieee.org/ieee/802.1Q/10323/", }, { tags: [ "x_transferred", ], url: "https://kb.cert.org/vuls/id/855201", }, { tags: [ "x_transferred", ], url: "https://blog.champtar.fr/VLAN0_LLC_SNAP/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "802.2", vendor: "IEEE", versions: [ { lessThanOrEqual: "802.2h-1997", status: "affected", version: "802.2h-1997", versionType: "custom", }, ], }, { product: "draft-ietf-v6ops-ra-guard", vendor: "IETF", versions: [ { lessThanOrEqual: "08", status: "affected", version: "08", versionType: "custom", }, ], }, { product: "P802.1Q", vendor: "IETF", versions: [ { lessThanOrEqual: "D1.0", status: "affected", version: "D1.0", versionType: "custom", }, ], }, ], credits: [ { lang: "en", value: "Etienne Champetier (@champtar) <champetier.etienne@gmail.com>", }, ], datePublic: "2022-09-27T00:00:00", descriptions: [ { lang: "en", value: "Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)", }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-130", description: "CWE-130 Improper Handling of Length Parameter", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-290", description: "CWE-290: Authentication Bypass by Spoofing", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2022-10-12T00:00:00", orgId: "37e5125f-f79b-445b-8fad-9564f167944b", shortName: "certcc", }, references: [ { url: "https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/", }, { url: "https://standards.ieee.org/ieee/802.2/1048/", }, { url: "https://standards.ieee.org/ieee/802.1Q/10323/", }, { url: "https://kb.cert.org/vuls/id/855201", }, { url: "https://blog.champtar.fr/VLAN0_LLC_SNAP/", }, ], source: { discovery: "EXTERNAL", }, title: "L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths", }, }, cveMetadata: { assignerOrgId: "37e5125f-f79b-445b-8fad-9564f167944b", assignerShortName: "certcc", cveId: "CVE-2021-27861", datePublished: "2022-09-27T18:40:13.742316Z", dateReserved: "2021-03-01T00:00:00", dateUpdated: "2024-09-16T16:47:46.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }