Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Network Security

L2 Network Security Control Bypass Flaws Impact Multiple Cisco Products

Cisco this week has confirmed that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls.

Cisco this week has confirmed that tens of its enterprise routers and switches are impacted by bypass vulnerabilities in the Layer-2 (L2) network security controls.

An attacker can bypass the controls provided by these enterprise devices by sending crafted packets that would trigger a denial-of-service (DoS) or allow them to perform a man-in-the-middle (MitM) attack.

A total of four medium-severity security issues were found in the L2 network security controls, in the Ethernet encapsulation protocols, the CERT Coordination Center (CERT/CC) at the Carnegie Mellon University notes in an advisory.

Tracked as CVE-2021-27853, CVE-2021-27854, CVE-2021-27861 and CVE-2021-27862, each of these vulnerabilities represents a different type of bypass of Layer 2 network packet inspection functionality.

The bugs allow for stacking of virtual local area network (VLAN) headers and 802.2 LLC/SNAP headers, enabling an attacker to bypass a device’s various filtering capabilities, including IPv6 RA Guard, Dynamic ARP inspection, and IPv6 Neighbor Discovery (ND) protection.

“An attacker can bypass security controls and deceive a locally connected target host to route traffic to arbitrary destinations. Victim devices experience either a DoS (blackholing traffic) or MitM (observing the unencrypted traffic and maybe breaking encryption),” CERT/CC’s advisory reads.

CERT/CC says that more than 200 vendors have been warned of these vulnerabilities, but that only two of them have confirmed impact, namely Cisco and Juniper Networks.

While Juniper Networks considers the severity of these bugs to be under their “threshold for publication,” this week Cisco issued an advisory to share details on potentially impacted devices.

Advertisement. Scroll to continue reading.

The tech giant says that multiple enterprise router and switch models running its IOS, IOS XE, IOS XR, and NX-OS software are impacted, as well as several small business switch models, but notes that no firmware update will be released for most of the impacted products.

According to Cisco, software releases 17.6.3 and 17.8.1 for IOS XE switches contain patches for CVE-2021-27853.

CVE-2021-27854 and CVE-2021-27862, Cisco says, do not impact its products. However, while investigating the potential impact of CVE-2021-27854 on its access points, the tech giant identified another medium-severity issue in these products.

Tracked as CVE-2022-20728, the security flaw could allow an “unauthenticated, adjacent attacker to inject packets from the native VLAN to clients within nonnative VLANs on an affected device,” Cisco explains.

The company also notes that it is aware that proof-of-concept (PoC) exploit code targeting these vulnerabilities exists publicly.

Related: Cisco Patches High-Severity Vulnerabilities in Business Switches

Related: Cisco Patches High-Severity Vulnerability in Security Solutions

Related: Cisco Patches Critical Vulnerability in Email Security Appliance

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.

Vulnerabilities

Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.