The bugs allow for stacking of virtual local area network (VLAN) headers and 802.2 LLC/SNAP headers, enabling an attacker to bypass a device's various filtering capabilities, including IPv6 RA Guard, Dynamic ARP Inspection, and IPv6 Neighbor Discovery (ND) protection. Tracked as CVE-2021-27853, CVE-2021-27854, CVE-2021-27861 and CVE-2021-27862, each of these vulnerabilities represents a different type of bypass of Layer 2 network packet inspection functionality.

Cisco confirmed this week that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls.

An attacker can bypass the controls provided by these enterprise devices by sending crafted packets that would trigger a denial-of-service (DoS) or allow them to perform a man-in-the-middle (MitM) attack.

A total of four medium-severity security issues were found in the L2 network security controls, in the Ethernet encapsulation protocols, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University notes in an advisory.
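As an added illustration (not taken from the advisory or from any vendor's code), this Python example walks the stacked VLAN and LLC/SNAP headers of a captured frame and reports the protocol actually carried, which is what an inspection feature has to do to classify such frames. The function names, the constructed sample frames, and the notion of a filter that reads only the first type/length field are assumptions made for the example.

```python
import struct

VLAN_TPIDS = {0x8100, 0x88A8}               # 802.1Q C-tag, 802.1ad S-tag
GUARDED = {0x0806: "ARP", 0x86DD: "IPv6"}   # traffic that DAI / RA Guard / ND inspection examine
LLC_SNAP = b"\xaa\xaa\x03"                  # DSAP, SSAP, control bytes announcing SNAP

def walk_l2(frame: bytes) -> dict:
    """Follow every stacked L2 header and report the protocol actually carried."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    first = struct.unpack_from("!H", frame, 12)[0]
    off, vlan_tags, snap_headers = 12, 0, 0
    while True:
        if off + 2 > len(frame):
            raise ValueError("frame ends inside stacked headers")
        value = struct.unpack_from("!H", frame, off)[0]
        off += 2
        if value in VLAN_TPIDS:             # tag: skip its 2-byte TCI, keep walking
            vlan_tags += 1
            off += 2
            continue
        if value <= 1500:                   # 802.3 length field, so an LLC header follows
            if frame[off:off + 3] == LLC_SNAP:
                snap_headers += 1
                off += 6                    # LLC (3) + SNAP OUI (3); protocol ID is read next
                continue
            value = None                    # plain LLC, no EtherType to recover
        return {"first_field": first, "vlan_tags": vlan_tags,
                "snap_headers": snap_headers, "ethertype": value}

def hidden_from_first_field_check(frame: bytes) -> bool:
    """True when a guarded protocol sits behind headers that a
    first-field-only filter (an assumption of this example) would not look past."""
    info = walk_l2(frame)
    return info["ethertype"] in GUARDED and info["first_field"] != info["ethertype"]

# Constructed sample frames: made-up MAC addresses and a zeroed placeholder payload.
MACS = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
PAYLOAD = bytes(8)
PLAIN_IPV6 = MACS + b"\x86\xdd" + PAYLOAD
DOUBLE_TAGGED = MACS + b"\x81\x00\x00\x01" * 2 + b"\x86\xdd" + PAYLOAD
SNAP_ARP = MACS + b"\x00\x10" + LLC_SNAP + b"\x00\x00\x00" + b"\x08\x06" + PAYLOAD

if __name__ == "__main__":
    for name, frame in [("plain", PLAIN_IPV6), ("double-tagged", DOUBLE_TAGGED),
                        ("snap", SNAP_ARP)]:
        print(name, walk_l2(frame), hidden_from_first_field_check(frame))
```

Run over frames from a packet capture, the `vlan_tags` and `snap_headers` counts give a simple way to spot encapsulation depth that an access port would not normally see.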