CVE-2021-27853

4.7

MEDIUM

Fortinet Layer 2 Network Filtering Bypass Vulnerability

Description

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

INFO

Published Date :

Sept. 27, 2022, 6:15 p.m.

Last Modified :

Nov. 16, 2022, 5:26 p.m.

Source :

[email protected]

Remotely Exploitable :

No

Impact Score :

1.4

Exploitability Score :

2.8

Affected Products

The following products are affected by CVE-2021-27853 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID	Vendor	Product
1	Cisco	ios_xe
2	Cisco	sg500-28mpp_firmware
3	Cisco	sg500-52mp_firmware
4	Cisco	sf500-24_firmware
5	Cisco	sf500-24p_firmware
6	Cisco	sf500-48_firmware
7	Cisco	sg500-28_firmware
8	Cisco	sg500-28p_firmware
9	Cisco	sg500-52_firmware
10	Cisco	sg500-52p_firmware
11	Cisco	sg500x-24_firmware
12	Cisco	sg500x-24p_firmware
13	Cisco	sg500x-48_firmware
14	Cisco	sg500x-48p_firmware
15	Cisco	sf500-48mp_firmware
16	Cisco	ios_xe
17	Cisco	sg500x-24mpp_firmware
18	Cisco	sg500x-48mpp_firmware
19	Cisco	nexus_93180yc-fx3_firmware
20	Cisco	sf500-18p_firmware
21	Cisco	catalyst_6503-e_firmware
22	Cisco	catalyst_6504-e_firmware
23	Cisco	catalyst_6506-e_firmware
24	Cisco	catalyst_6509-e_firmware
25	Cisco	catalyst_6509-neb-a_firmware
26	Cisco	catalyst_6509-v-e_firmware
27	Cisco	catalyst_6513-e_firmware
28	Cisco	catalyst_6807-xl_firmware
29	Cisco	catalyst_6840-x_firmware
30	Cisco	catalyst_6880-x_firmware
31	Cisco	catalyst_c6816-x-le_firmware
32	Cisco	catalyst_c6824-x-le-40g_firmware
33	Cisco	catalyst_c6832-x-le_firmware
34	Cisco	catalyst_c6840-x-le-40g_firmware
35	Cisco	catalyst_6800ia_firmware
36	Cisco	meraki_ms390_firmware
37	Cisco	meraki_ms210_firmware
38	Cisco	meraki_ms225_firmware
39	Cisco	meraki_ms250_firmware
40	Cisco	meraki_ms350_firmware
41	Cisco	meraki_ms355_firmware
42	Cisco	meraki_ms410_firmware
43	Cisco	meraki_ms420_firmware
44	Cisco	meraki_ms425_firmware
45	Cisco	meraki_ms450_firmware
46	Cisco	nexus_93180yc-ex_firmware
47	Cisco	nexus_93180yc-fx_firmware
48	Cisco	nexus_93240yc-fx2_firmware
49	Cisco	nexus_93360yc-fx2_firmware
50	Cisco	nexus_93120tx_firmware
51	Cisco	nexus_93108tc-ex_firmware
52	Cisco	nexus_9348gc-fxp_firmware
53	Cisco	nexus_93108tc-fx_firmware
54	Cisco	nexus_93108tc-fx3p_firmware
55	Cisco	nexus_93216tc-fx2_firmware
56	Cisco	n9k-c9316d-gx_firmware
57	Cisco	n9k-c93600cd-gx_firmware
58	Cisco	n9k-c9332d-gx2b_firmware
59	Cisco	n9k-c9348d-gx2a_firmware
60	Cisco	n9k-c9364d-gx2a_firmware
61	Cisco	n9k-x97160yc-ex_firmware
62	Cisco	n9k-x9788tc-fx_firmware
63	Cisco	n9k-x9564px_firmware
64	Cisco	n9k-x9464px_firmware
65	Cisco	n9k-x9564tx_firmware
66	Cisco	n9k-x9464tx2_firmware
67	Cisco	nexus_9636pq_firmware
68	Cisco	nexus_x9636q-r_firmware
69	Cisco	nexus_9536pq_firmware
70	Cisco	nexus_9432pq_firmware
71	Cisco	nexus_9736pq_firmware
72	Cisco	n9k-x9736c-fx_firmware
73	Cisco	n9k-x9732c-ex_firmware
74	Cisco	n9k-x9732c-fx_firmware
75	Cisco	n9k-x9736c-ex_firmware
76	Cisco	n9k-x9636c-rx_firmware
77	Cisco	n9k-x9636c-r_firmware
78	Cisco	n9k-x9432c-s_firmware
79	Cisco	nexus_9716d-gx_firmware
80	Cisco	nexus_9504_firmware
81	Cisco	nexus_9508_firmware
82	Cisco	nexus_9516_firmware
83	Cisco	nexus_92160yc-x_firmware
84	Cisco	nexus_9272q_firmware
85	Cisco	nexus_92304qc_firmware
86	Cisco	nexus_9236c_firmware
87	Cisco	nexus_92300yc_firmware
88	Cisco	nexus_92348gc-x_firmware
89	Cisco	nexus_9364c_firmware
90	Cisco	nexus_9336c-fx2_firmware
91	Cisco	nexus_9336c-fx2-e_firmware
92	Cisco	nexus_9332c_firmware
93	Cisco	nexus_9364c-gx_firmware
94	Cisco	nexus_9800_firmware
95	Cisco	sf-500-24mp_firmware
1	Ieee	ieee_802.2
1	Ietf	p802.1q

: Total Affected Vendor : 3 | Products : 97

References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2021-27853.

URL	Resource
https://blog.champtar.fr/VLAN0_LLC_SNAP/	Exploit Third Party Advisory
https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/	Technical Description Third Party Advisory
https://kb.cert.org/vuls/id/855201	Third Party Advisory US Government Resource
https://standards.ieee.org/ieee/802.1Q/10323/	Vendor Advisory
https://standards.ieee.org/ieee/802.2/1048/	Vendor Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX	Third Party Advisory

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2021-27853 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2021-27853 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

CVE Modified by [email protected]

May. 14, 2024

Action Type Old Value New Value

Modified Analysis by [email protected]

Nov. 16, 2022

Action	Type	Old Value	New Value
Changed	Reference Type	https://blog.champtar.fr/VLAN0_LLC_SNAP/ No Types Assigned	https://blog.champtar.fr/VLAN0_LLC_SNAP/ Exploit, Third Party Advisory
Changed	Reference Type	https://kb.cert.org/vuls/id/855201 No Types Assigned	https://kb.cert.org/vuls/id/855201 Third Party Advisory, US Government Resource

CPE Deprecation Remap by [email protected]

Oct. 27, 2022

Action Type Old Value New Value

Changed CPE Configuration OR *cpe:2.3:a:cisco:ios_xe:15.2(07)e02:*:*:*:*:*:*:* OR *cpe:2.3:o:cisco:ios_xe:15.2(07)e02:*:*:*:*:*:*:*
CPE Deprecation Remap by [email protected]

Oct. 27, 2022

Action Type Old Value New Value

Changed CPE Configuration OR *cpe:2.3:a:cisco:ios_xe:17.4.1:*:*:*:*:*:*:* OR *cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*
CPE Deprecation Remap by [email protected]

Oct. 27, 2022

Action Type Old Value New Value

Changed CPE Configuration OR *cpe:2.3:a:cisco:ios_xe:15.2(07)e03:*:*:*:*:*:*:* OR *cpe:2.3:o:cisco:ios_xe:15.2(07)e03:*:*:*:*:*:*:*
CPE Deprecation Remap by [email protected]

Oct. 27, 2022

Action Type Old Value New Value

Changed CPE Configuration OR *cpe:2.3:a:cisco:ios_xe:17.6.1:*:*:*:*:*:*:* OR *cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*
CVE Modified by [email protected]

Oct. 12, 2022

Action Type Old Value New Value

Added Reference https://kb.cert.org/vuls/id/855201 [No Types Assigned]

Added Reference https://blog.champtar.fr/VLAN0_LLC_SNAP/ [No Types Assigned]

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:cisco:ios_xe:15.2(07)e02:::::::	OR cpe:2.3:o:cisco:ios_xe:15.2(07)e02:::::::

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:cisco:ios_xe:17.4.1:::::::	OR cpe:2.3:o:cisco:ios_xe:17.4.1:::::::

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:cisco:ios_xe:15.2(07)e03:::::::	OR cpe:2.3:o:cisco:ios_xe:15.2(07)e03:::::::

Action	Type	Old Value	New Value
Changed	CPE Configuration	OR cpe:2.3:a:cisco:ios_xe:17.6.1:::::::	OR cpe:2.3:o:cisco:ios_xe:17.6.1:::::::

Action	Type	Old Value	New Value
Added	Reference		https://kb.cert.org/vuls/id/855201 [No Types Assigned]
Added	Reference		https://blog.champtar.fr/VLAN0_LLC_SNAP/ [No Types Assigned]

Initial Analysis by [email protected]

Oct. 03, 2022

Action	Type	Old Value	New Value
Added	CVSS V3.1		NIST AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N
Changed	Reference Type	https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/ No Types Assigned	https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08/ Technical Description, Third Party Advisory
Changed	Reference Type	https://standards.ieee.org/ieee/802.1Q/10323/ No Types Assigned	https://standards.ieee.org/ieee/802.1Q/10323/ Vendor Advisory
Changed	Reference Type	https://standards.ieee.org/ieee/802.2/1048/ No Types Assigned	https://standards.ieee.org/ieee/802.2/1048/ Vendor Advisory
Changed	Reference Type	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX No Types Assigned	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX Third Party Advisory
Added	CWE		NIST CWE-290
Added	CPE Configuration		OR cpe:2.3:a:ieee:ieee_802.2::::::::* versions up to (including) 802.2h-1997
Added	CPE Configuration		OR cpe:2.3:a:ietf:p802.1q::::::::* versions up to (including) d1.0
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6503-e_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6503-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6504-e_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6504-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6506-e_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6506-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6509-e_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6509-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6509-neb-a_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6509-neb-a:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6509-v-e_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6509-v-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6513-e_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6513-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6807-xl_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6807-xl:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6840-x_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6840-x:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6880-x_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6880-x:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_c6816-x-le_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_c6816-x-le:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_c6824-x-le-40g_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_c6824-x-le-40g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_c6832-x-le_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_c6832-x-le:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_c6840-x-le-40g_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_c6840-x-le-40g:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:catalyst_6800ia_firmware:15.5\(01.01.85\)sy07::::::: OR cpe:2.3:h:cisco:catalyst_6800ia:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:a:cisco:ios_xe:15.2\(07\)e02::::::: cpe:2.3:a:cisco:ios_xe:15.2\(07\)e03::::::: cpe:2.3:a:cisco:ios_xe:17.3.3::::::: cpe:2.3:a:cisco:ios_xe:17.4.1::::::: cpe:2.3:a:cisco:ios_xe:17.6.1::::::: OR cpe:2.3:h:cisco:catalyst_3650-12x48fd-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48fd-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48fd-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48uq-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48uq-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48uq-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48ur-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48ur-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48ur-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48uz-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48uz-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-12x48uz-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24pd-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24pd-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24pd-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24pdm-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24pdm-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24pdm-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24ps-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24ps-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24ps-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24td-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24td-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24td-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24ts-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24ts-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-24ts-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fd-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fd-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fd-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fq-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fq-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fq-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fqm-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fqm-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fqm-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fs-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fs-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48fs-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48pd-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48pd-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48pd-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48pq-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48pq-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48pq-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48ps-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48ps-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48ps-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48td-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48td-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48td-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48tq-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48tq-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48tq-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48ts-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48ts-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-48ts-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-8x24pd-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-8x24pd-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-8x24pd-s:-:::::::* cpe:2.3:h:cisco:catalyst_3650-8x24uq-e:-:::::::* cpe:2.3:h:cisco:catalyst_3650-8x24uq-l:-:::::::* cpe:2.3:h:cisco:catalyst_3650-8x24uq-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-12s-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-12s-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-12xs-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-12xs-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-16xs-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-16xs-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24p-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24p-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24pw-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24s-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24s-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24t-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24t-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24t-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24u-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24u-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24u-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24xs-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24xs-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24xu-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24xu-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-24xu-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-32xs-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-32xs-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48f-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48f-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48f-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48p-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48p-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48p-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48pw-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48t-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48t-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48t-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48u-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48u-l:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48u-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48xs-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48xs-f-e:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48xs-f-s:-:::::::* cpe:2.3:h:cisco:catalyst_3850-48xs-s:-:::::::* cpe:2.3:h:cisco:catalyst_9200:-:::::::* cpe:2.3:h:cisco:catalyst_9200cx:-:::::::* cpe:2.3:h:cisco:catalyst_9200l:-:::::::* cpe:2.3:h:cisco:catalyst_9300:-:::::::* cpe:2.3:h:cisco:catalyst_9300l:-:::::::* cpe:2.3:h:cisco:catalyst_9300lm:-:::::::* cpe:2.3:h:cisco:catalyst_9300x:-:::::::* cpe:2.3:h:cisco:catalyst_9400:-:::::::* cpe:2.3:h:cisco:catalyst_9500:-:::::::* cpe:2.3:h:cisco:catalyst_9500h:-:::::::* cpe:2.3:h:cisco:catalyst_9600:-:::::::* cpe:2.3:h:cisco:catalyst_9600x:-:::::::* cpe:2.3:h:cisco:catalyst_c3850-12x48u-e:-:::::::* cpe:2.3:h:cisco:catalyst_c3850-12x48u-l:-:::::::* cpe:2.3:h:cisco:catalyst_c3850-12x48u-s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms390_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms390:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms210_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms210:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms225_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms225:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms250_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms250:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms350_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms350:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms355_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms355:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms410_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms410:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms420_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms420:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms425_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms425:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:meraki_ms450_firmware:-::::::: OR cpe:2.3:h:cisco:meraki_ms450:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93180yc-ex_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93180yc-ex:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93180yc-fx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93180yc-fx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93180yc-fx3_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93180yc-fx3:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93240yc-fx2_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93240yc-fx2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93360yc-fx2_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93360yc-fx2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93120tx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93120tx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93108tc-ex_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93108tc-ex:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9348gc-fxp_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9348gc-fxp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93108tc-fx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93108tc-fx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93108tc-fx3p_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93108tc-fx3p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_93216tc-fx2_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_93216tc-fx2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-c9316d-gx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-c9316d-gx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-c93600cd-gx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-c93600cd-gx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-c9332d-gx2b_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-c9332d-gx2b:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-c9348d-gx2a_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-c9348d-gx2a:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-c9364d-gx2a_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-c9364d-gx2a:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x97160yc-ex_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x97160yc-ex:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9788tc-fx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9788tc-fx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9564px_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9564px:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9464px_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9464px:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9564tx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9564tx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9464tx2_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9464tx2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9636pq_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9636pq:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_x9636q-r_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_x9636q-r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9536pq_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9536pq:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9432pq_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9432pq:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9736pq_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9736pq:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9736c-fx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9736c-fx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9732c-ex_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9732c-ex:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9732c-fx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9732c-fx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9736c-ex_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9736c-ex:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9636c-rx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9636c-rx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9636c-r_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9636c-r:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:n9k-x9432c-s_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:n9k-x9432c-s:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9716d-gx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9716d-gx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9504_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9504:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9508_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9508:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9516_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9516:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_92160yc-x_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_92160yc-x:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9272q_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9272q:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_92304qc_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_92304qc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9236c_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9236c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_92300yc_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_92300yc:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_92348gc-x_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_92348gc-x:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9364c_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9364c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9336c-fx2_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9336c-fx2:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9336c-fx2-e_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9336c-fx2-e:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9332c_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9332c:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9364c-gx_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9364c-gx:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:nexus_9800_firmware:9.3\(5\)::::::: OR cpe:2.3:h:cisco:nexus_9800:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sf500-24_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sf500-24:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sf-500-24mp_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sf-500-24mp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sf500-24p_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sf500-24p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sf500-48_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sf500-48:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sf500-48mp_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sf500-48mp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sf500-18p_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sf500-18p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500-28_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500-28:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500-28mpp_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500-28mpp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500-28p_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500-28p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500-52_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500-52:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500-52mp_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500-52mp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500-52p_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500-52p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500x-24_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500x-24:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500x-24mpp_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500x-24mpp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500x-24p_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500x-24p:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500x-48_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500x-48:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500x-48mpp_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500x-48mpp:-:::::::*
Added	CPE Configuration		AND OR cpe:2.3:o:cisco:sg500x-48p_firmware:3.0.0.61::::::: OR cpe:2.3:h:cisco:sg500x-48p:-:::::::*

CVE Modified by [email protected]

Sep. 27, 2022

Action Type Old Value New Value

Added Reference https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX [No Types Assigned]

Action	Type	Old Value	New Value
Added	Reference		https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX [No Types Assigned]

EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.

CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2021-27853 is associated with the following CWEs:

CWE-290: Authentication Bypass by Spoofing

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2021-27853 weaknesses.

CAPEC-21: Exploitation of Trusted Identifiers Exploitation of Trusted Identifiers CAPEC-22: Exploiting Trust in Client Exploiting Trust in Client CAPEC-59: Session Credential Falsification through Prediction Session Credential Falsification through Prediction CAPEC-60: Reusing Session IDs (aka Session Replay) Reusing Session IDs (aka Session Replay) CAPEC-94: Adversary in the Middle (AiTM) Adversary in the Middle (AiTM) CAPEC-459: Creating a Rogue Certification Authority Certificate Creating a Rogue Certification Authority Certificate CAPEC-461: Web Services API Signature Forgery Leveraging Hash Function Extension Weakness Web Services API Signature Forgery Leveraging Hash Function Extension Weakness CAPEC-473: Signature Spoof Signature Spoof CAPEC-476: Signature Spoofing by Misrepresentation Signature Spoofing by Misrepresentation CAPEC-667: Bluetooth Impersonation AttackS (BIAS) Bluetooth Impersonation AttackS (BIAS)

CVE-2021-27853

Fortinet Layer 2 Network Filtering Bypass Vulnerability

Description

INFO

Sept. 27, 2022, 6:15 p.m.

Nov. 16, 2022, 5:26 p.m.

[email protected]

No

1.4

2.8

Affected Products

References to Advisories, Solutions, and Tools

CVE Modified by [email protected]

Modified Analysis by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CPE Deprecation Remap by [email protected]

CVE Modified by [email protected]

Initial Analysis by [email protected]

CVE Modified by [email protected]

CWE - Common Weakness Enumeration

Common Attack Pattern Enumeration and Classification (CAPEC)

Exploit Prediction

0.06 }} 0.01%

0.24235

CVSS31 - Vulnerability Scoring System

Theme Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable