CVE-2021-27853

MEDIUM | CVSS 4.7/10 | EPSS 0.69%

CVE-2021-27853 is a medium-severity vulnerability rated 4.7/10 on the CVSS scale. Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. EPSS estimates a 0.69% chance of exploitation in the next 30 days.

Description

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

Metrics

CVSS 3.1
4.7/10

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

EPSS Probability
0.69%

48.1th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

| Vendor | Product | Versions |
| --- | --- | --- |
| Ieee | Ieee 802.2 | <= 802.2h-1997 |
| Ietf | P802.1q | <= d1.0 |
| Cisco | Catalyst 6503-E Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6504-E Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6506-E Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6509-E Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6509-Neb-A Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6509-V-E Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6513-E Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6807-Xl Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6840-X Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6880-X Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst C6816-X-Le Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst C6824-X-Le-40g Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst C6832-X-Le Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst C6840-X-Le-40g Firmware | 15.5(01.01.85)sy07 |
| Cisco | Catalyst 6800ia Firmware | 15.5(01.01.85)sy07 |
| Cisco | Ios Xe | 17.3.3 |
| Cisco | Ios Xe | 15.2(07)e02 |
| Cisco | Ios Xe | 15.2(07)e03 |
| Cisco | Ios Xe | 17.4.1 |
| Cisco | Ios Xe | 17.6.1 |
| Cisco | Meraki Ms390 Firmware | All versions |
| Cisco | Meraki Ms210 Firmware | All versions |
| Cisco | Meraki Ms225 Firmware | All versions |
| Cisco | Meraki Ms250 Firmware | All versions |
| Cisco | Meraki Ms350 Firmware | All versions |
| Cisco | Meraki Ms355 Firmware | All versions |
| Cisco | Meraki Ms410 Firmware | All versions |
| Cisco | Meraki Ms420 Firmware | All versions |
| Cisco | Meraki Ms425 Firmware | All versions |
| Cisco | Meraki Ms450 Firmware | All versions |
| Cisco | Nexus 93180yc-Ex Firmware | 9.3(5) |
| Cisco | Nexus 93180yc-Fx Firmware | 9.3(5) |
| Cisco | Nexus 93180yc-Fx3 Firmware | 9.3(5) |
| Cisco | Nexus 93240yc-Fx2 Firmware | 9.3(5) |
| Cisco | Nexus 93360yc-Fx2 Firmware | 9.3(5) |
| Cisco | Nexus 93120tx Firmware | 9.3(5) |
| Cisco | Nexus 93108tc-Ex Firmware | 9.3(5) |
| Cisco | Nexus 9348gc-Fxp Firmware | 9.3(5) |
| Cisco | Nexus 93108tc-Fx Firmware | 9.3(5) |
| Cisco | Nexus 93108tc-Fx3p Firmware | 9.3(5) |
| Cisco | Nexus 93216tc-Fx2 Firmware | 9.3(5) |
| Cisco | N9k-C9316d-Gx Firmware | 9.3(5) |
| Cisco | N9k-C93600cd-Gx Firmware | 9.3(5) |
| Cisco | N9k-C9332d-Gx2b Firmware | 9.3(5) |
| Cisco | N9k-C9348d-Gx2a Firmware | 9.3(5) |
| Cisco | N9k-C9364d-Gx2a Firmware | 9.3(5) |
| Cisco | N9k-X97160yc-Ex Firmware | 9.3(5) |
| Cisco | N9k-X9788tc-Fx Firmware | 9.3(5) |

Showing 50 of 100 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2021-27853?
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
How severe is CVE-2021-27853?
CVE-2021-27853 has a CVSS score of 4.7/10 (MEDIUM severity). The EPSS model estimates a 0.69% probability of exploitation in the next 30 days.
How do I fix CVE-2021-27853?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST