CVE-2021-27861

Published: Sep 27, 2022Modified: Nov 4, 2025

4.7

Vector

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

Affected (2)

Products: Ieee: Ieee 802.2 · Ietf: P802.1q

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ieee Ieee 802.2	Up to 802.2h-1997

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ietf P802.1q	Up to d1.0

Related CWEs

CWE-130

Improper Handling of Length Parameter Inconsistency

The product parses a formatted message or structure, but it does not handle or incorrectly handles a length field that is inconsistent with the actual length of the associated data.

CWE-290

Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

References (11)

https://blog.champtar.fr/VLAN0_LLC_SNAP/

Source: cret@cert.org

https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

Source: cret@cert.org

Third Party Advisory

https://kb.cert.org/vuls/id/855201

Source: cret@cert.org

https://standards.ieee.org/ieee/802.1Q/10323/

Source: cret@cert.org

Third Party Advisory

https://standards.ieee.org/ieee/802.2/1048/

Source: cret@cert.org

Third Party Advisory

https://blog.champtar.fr/VLAN0_LLC_SNAP/