CVE-2021-27861

medium

Description

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

References

Advisories
More

https://standards.ieee.org/ieee/802.2/1048/

https://standards.ieee.org/ieee/802.1Q/10323/

https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/

https://www.kb.cert.org/vuls/id/855201

https://kb.cert.org/vuls/id/855201

https://blog.champtar.fr/VLAN0_LLC_SNAP/

Details

Source: Mitre, NVD

Published: 2022-09-27

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 3.3

Vector: CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 4.7

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00006

Detections

Analytics