Improper access control in Cisco Systems, Inc products - CVE-2021-27854

 


Published: September 30, 2022 / Updated: December 12, 2022


Vulnerability identifier: #VU67766
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-27854
CWE-ID: CWE-284
Exploitation vector: Adjacent network
Exploit availability: No public exploit available
Vulnerable software:
6300 Series Embedded Services Access Points
Aironet 4800 Access Points
Business 100 Series Access Points
Business 200 Series Access Points
Wireless LAN Controller Software
Cisco Aironet 1540 Series Access Points
Aironet 1560 Series Access Points
Aironet 1800 Series Access Points
Aironet 2800 Series Access Points
Aironet 3800 Series Access Points
Catalyst 9100 Access Points
Catalyst IW 6300 Heavy Duty Series Access Points
Integrated AP on 1100 Integrated Services Routers
Catalyst 9800 Wireless Controller Software
Software vendor:
Cisco Systems, Inc

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in Layer 2 network filtering capabilities such as IPv6 RA Guard. A remote attacker on the local network can bypass these capabilities using a combination of VLAN 0 headers and LLC/SNAP headers in Ethernet-to-Wi-Fi frame translation and in the reverse, Wi-Fi-to-Ethernet, translation.
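One way a monitoring tool can account for the encapsulations named above, as an added example (not Cisco's code and not part of the original advisory): it unwraps VLAN tags and LLC/SNAP headers before checking for an IPv6 Router Advertisement, and reports frames that a check on the outer type field alone would miss. The function names and sample frames are constructed for illustration, and IPv6 extension headers are not handled.

```python
import struct

ETH_IPV6 = 0x86DD
VLAN_TPIDS = {0x8100, 0x88A8}               # 802.1Q and 802.1ad tags
SNAP_HDR = bytes.fromhex("aaaa03000000")    # LLC AA-AA-03 + SNAP OUI 00-00-00

def unwrap(frame: bytes):
    """Walk VLAN tags and LLC/SNAP headers; return (ethertype, l3_offset, encaps)."""
    off, encaps = 12, []
    while True:
        if len(frame) < off + 2:
            raise ValueError("truncated frame")
        (etype,) = struct.unpack_from("!H", frame, off)
        off += 2
        if etype in VLAN_TPIDS:
            if len(frame) < off + 2:
                raise ValueError("truncated VLAN tag")
            (tci,) = struct.unpack_from("!H", frame, off)
            encaps.append("vlan0" if tci & 0x0FFF == 0 else "vlan")
            off += 2
        elif etype <= 1500:                 # 802.3 length field: LLC follows
            if frame[off:off + 6] != SNAP_HDR:
                return None, off, encaps + ["llc-other"]
            encaps.append("llc-snap")
            off += 6                        # next 2 bytes are the SNAP protocol ID
        else:
            return etype, off, encaps

def classify(frame: bytes) -> dict:
    """Compare the outer type field with the type found after unwrapping."""
    (outer,) = struct.unpack_from("!H", frame, 12)
    etype, off, encaps = unwrap(frame)
    # ICMPv6 type 134 directly after the fixed IPv6 header (no extension headers).
    is_ra = (etype == ETH_IPV6 and len(frame) >= off + 41
             and frame[off + 6] == 58 and frame[off + 40] == 134)
    return {"encaps": encaps, "is_ra": is_ra,
            "missed_by_outer_check": is_ra and outer != ETH_IPV6}

# Constructed sample: IPv6 header + 16-byte RA body (checksum left as zero).
_IP6_RA = (struct.pack("!IHBB", 0x60000000, 16, 58, 255)
           + bytes.fromhex("fe80" + "00" * 13 + "01")
           + bytes.fromhex("ff02" + "00" * 13 + "01")
           + bytes([134]) + bytes(15))
_MACS = bytes.fromhex("333300000001" "020000000001")
SAMPLES = {
    "plain": _MACS + b"\x86\xdd" + _IP6_RA,
    "vlan0": _MACS + b"\x81\x00\x00\x00\x86\xdd" + _IP6_RA,
    "snap": _MACS + struct.pack("!H", 8 + len(_IP6_RA)) + SNAP_HDR + b"\x86\xdd" + _IP6_RA,
}
```

Calling `classify` on each entry of `SAMPLES` shows that all three frames carry a Router Advertisement, while only the untagged Ethernet II frame exposes it in the outer type field.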


Remediation

Install updates from vendor's website.

External links