Improper access control in multiple Cisco products
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2021-27853 |
| CWE-ID | CWE-284 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
Catalyst 6500 Series Switches Other software / Other software solutions Catalyst Digital Building Series Switches Other software / Other software solutions Cisco Catalyst 6800 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Industrial Ethernet Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Micro Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Catalyst 4500 IOS-XE Switches Hardware solutions / Routers & switches, VoIP, GSM, etc IOS XE Switches Hardware solutions / Routers & switches, VoIP, GSM, etc IOS XE Routers configured with Ethernet virtual circuits Hardware solutions / Routers & switches, VoIP, GSM, etc IOS XR Routers configured with L2 Transport services Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Meraki MS390 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS210 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS225 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS250 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS350 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS355 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS410 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS420 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS425 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Merak MS450 Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 3000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 5500 Platform Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 5600 Platform Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 6000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Nexus 7000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco Nexus 9000 Series Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco 250 Series Smart Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco 350 Series Managed Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco 350X Series Stackable Managed Switches Hardware solutions / Routers & switches, VoIP, GSM, etc Cisco 550X Series Stackable Managed Switches Hardware solutions / Routers & switches, VoIP, GSM, etc |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Improper access control
EUVDB-ID: #VU67768
Risk: Low
CVSSv4.0: 1.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2021-27853
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions in the Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection. A remote attacker on the local network can bypass the FHS feature on the target device.
MitigationInstall updates from vendor's website.
Vulnerable software versionsCatalyst 6500 Series Switches: All versions
Cisco Catalyst 6800 Series Switches: All versions
Catalyst Digital Building Series Switches: All versions
Industrial Ethernet Switches: All versions
Micro Switches: All versions
Catalyst 4500 IOS-XE Switches: All versions
IOS XE Switches: Bengaluru-17.4.1 - 17.3.3
IOS XE Routers configured with Ethernet virtual circuits: All versions
IOS XR Routers configured with L2 Transport services: All versions
Cisco Meraki MS390: All versions
Cisco Merak MS210: All versions
Cisco Merak MS225: All versions
Cisco Merak MS250: All versions
Cisco Merak MS350: All versions
Cisco Merak MS355: All versions
Cisco Merak MS410: All versions
Cisco Merak MS420: All versions
Cisco Merak MS425: All versions
Cisco Merak MS450: All versions
Cisco Nexus 3000 Series Switches: All versions
Nexus 5500 Platform Switches: All versions
Nexus 5600 Platform Switches: All versions
Nexus 6000 Series Switches: All versions
Nexus 7000 Series Switches: All versions
Cisco Nexus 9000 Series Switches: All versions
Cisco 250 Series Smart Switches: All versions
Cisco 350 Series Managed Switches: All versions
Cisco 350X Series Stackable Managed Switches: All versions
Cisco 550X Series Stackable Managed Switches: All versions
CPE2.3- cpe:2.3:a:cisco_systems:catalyst_6500_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_catalyst_6800_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:a:cisco_systems:catalyst_digital_building_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:industrial_ethernet_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:micro_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:catalyst_4500_ios-xe_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ios_xe_switches:Bengaluru-17.4.1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ios_xe_switches:Bengaluru-17.6.1:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ios_xe_switches:17.3.3:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ios_xe_routers_configured_with_ethernet_virtual_circuits:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:ios_xr_routers_configured_with_l2_transport_services:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_meraki_ms390:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms210:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms225:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms250:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms350:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms355:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms410:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms420:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms425:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_merak_ms450:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_3000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5500_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_5600_platform_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_6000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:nexus_7000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_nexus_9000_series_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_250_series_smart_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_350_series_managed_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_350x_series_stackable_managed_switches:*:*:*:*:*:*:*:*
- cpe:2.3:h:cisco_systems:cisco_550x_series_stackable_managed_switches:*:*:*:*:*:*:*:*
https://blog.champtar.fr/VLAN0_LLC_SNAP/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
