CVE-2021-27853 | L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers

Exp

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

Published: 2022-09-27 Last update: 2025-11-04 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2021-27853 is rated Exploit Available (50/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.08%). 1 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2021-27853

EDB-ID Source Kind Published Link
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2021-27853

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2025-11-21 0.17% 0.08% -0.08%
2 2025-11-18 0.07% 0.17% +0.10%
3 2025-10-13 0.07%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2021-27853

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
4.7 3.1 MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N Click to expand
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 2.8 1.4 [email protected]
4.7 3.1 MEDIUM
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N Click to expand
Attack vector (AV:A)
Attacker has to be nearby on the network—same office, same link, that vibe—not the whole wide internet.
Attack complexity (AC:L)
Once they can reach the bug, pulling it off is straightforward—no weird race conditions or rare setup.
Privileges required (PR:N)
No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N)
Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:C)
Breaking this can reach past the original component and bite other resources—bigger blast radius.
Confidentiality (C:N)
Doesn’t really leak secrets in a meaningful way.
Integrity (I:L)
Attackers could change some data, but it’s limited—not everything goes.
Availability (A:N)
Service keeps running; no real outage angle.
 2.8 1.4 134c704f-9b21-4f2e-91b3-4a467353bcc0

Weakness enumeration for CVE-2021-27853

OS Trackers for CVE-2021-27853

vendor priority summary link
redhat medium https://access.redhat.com/security/cve/CVE-2021-27853
suse medium CVE-2021-27853 severity moderate: SUSE including 14 source package names (kernel-default, kernel-default-base, …), 362 product×package rows across 85 product lines (HPE Helion OpenStack 8, SUSE CaaS Platform 4.0, … (85 product lines)): Known Not Affected 362. https://www.suse.com/security/cve/CVE-2021-27853/

Affected software / configurations for CVE-2021-27853

Vendor Product Version Raw CPE
ieee ieee_802.2 <= 802.2h-1997 cpe:2.3:a:ieee:ieee_802.2:*:*:*:*:*:*:*:*
ietf p802.1q <= d1.0 cpe:2.3:a:ietf:p802.1q:*:*:*:*:*:*:*:*
cisco catalyst_6503-e_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6503-e_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6504-e_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6504-e_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6506-e_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6506-e_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6509-e_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6509-e_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6509-neb-a_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6509-neb-a_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6509-v-e_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6509-v-e_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6513-e_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6513-e_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6807-xl_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6807-xl_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6840-x_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6840-x_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6880-x_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6880-x_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_c6816-x-le_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_c6816-x-le_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_c6824-x-le-40g_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_c6824-x-le-40g_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_c6832-x-le_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_c6832-x-le_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_c6840-x-le-40g_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_c6840-x-le-40g_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco catalyst_6800ia_firmware 15.5\(01.01.85\)sy07 cpe:2.3:o:cisco:catalyst_6800ia_firmware:15.5\(01.01.85\)sy07:*:*:*:*:*:*:*
cisco ios_xe 17.3.3 cpe:2.3:a:cisco:ios_xe:17.3.3:*:*:*:*:*:*:*
cisco ios_xe 15.2\(07\)e02 cpe:2.3:o:cisco:ios_xe:15.2\(07\)e02:*:*:*:*:*:*:*
cisco ios_xe 15.2\(07\)e03 cpe:2.3:o:cisco:ios_xe:15.2\(07\)e03:*:*:*:*:*:*:*
cisco ios_xe 17.4.1 cpe:2.3:o:cisco:ios_xe:17.4.1:*:*:*:*:*:*:*
cisco ios_xe 17.6.1 cpe:2.3:o:cisco:ios_xe:17.6.1:*:*:*:*:*:*:*
cisco meraki_ms390_firmware cpe:2.3:o:cisco:meraki_ms390_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms210_firmware cpe:2.3:o:cisco:meraki_ms210_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms225_firmware cpe:2.3:o:cisco:meraki_ms225_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms250_firmware cpe:2.3:o:cisco:meraki_ms250_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms350_firmware cpe:2.3:o:cisco:meraki_ms350_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms355_firmware cpe:2.3:o:cisco:meraki_ms355_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms410_firmware cpe:2.3:o:cisco:meraki_ms410_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms420_firmware cpe:2.3:o:cisco:meraki_ms420_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms425_firmware cpe:2.3:o:cisco:meraki_ms425_firmware:-:*:*:*:*:*:*:*
cisco meraki_ms450_firmware cpe:2.3:o:cisco:meraki_ms450_firmware:-:*:*:*:*:*:*:*
cisco nexus_93180yc-ex_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93180yc-ex_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93180yc-fx_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93180yc-fx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93180yc-fx3_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93180yc-fx3_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93240yc-fx2_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93240yc-fx2_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93360yc-fx2_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93360yc-fx2_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93120tx_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93120tx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93108tc-ex_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93108tc-ex_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9348gc-fxp_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9348gc-fxp_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93108tc-fx_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93108tc-fx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93108tc-fx3p_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93108tc-fx3p_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_93216tc-fx2_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_93216tc-fx2_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-c9316d-gx_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-c9316d-gx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-c93600cd-gx_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-c93600cd-gx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-c9332d-gx2b_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-c9332d-gx2b_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-c9348d-gx2a_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-c9348d-gx2a_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-c9364d-gx2a_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-c9364d-gx2a_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x97160yc-ex_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x97160yc-ex_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9788tc-fx_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9788tc-fx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9564px_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9564px_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9464px_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9464px_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9564tx_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9564tx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9464tx2_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9464tx2_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9636pq_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9636pq_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_x9636q-r_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_x9636q-r_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9536pq_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9536pq_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9432pq_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9432pq_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9736pq_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9736pq_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9736c-fx_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9736c-fx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9732c-ex_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9732c-ex_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9732c-fx_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9732c-fx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9736c-ex_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9736c-ex_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9636c-rx_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9636c-rx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9636c-r_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9636c-r_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco n9k-x9432c-s_firmware 9.3\(5\) cpe:2.3:o:cisco:n9k-x9432c-s_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9716d-gx_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9716d-gx_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9504_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9504_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9508_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9508_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9516_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9516_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_92160yc-x_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_92160yc-x_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9272q_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9272q_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_92304qc_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_92304qc_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9236c_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9236c_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_92300yc_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_92300yc_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_92348gc-x_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_92348gc-x_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9364c_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9364c_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9336c-fx2_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9336c-fx2_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9336c-fx2-e_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9336c-fx2-e_firmware:9.3\(5\):*:*:*:*:*:*:*
cisco nexus_9332c_firmware 9.3\(5\) cpe:2.3:o:cisco:nexus_9332c_firmware:9.3\(5\):*:*:*:*:*:*:*

References for CVE-2021-27853

cvelogic Threat Intelligence