5 results (0.010 seconds)

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-27862 – L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with an invalid length during Ethernet to Wifi frame translation

https://notcve.org/view.php?id=CVE-2021-27862

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers). Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando encabezados LLC/SNAP con una longitud no válida y la conversión de tramas de Ethernet a Wifi (y, opcionalmente, encabezados VLAN0) • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.2/1048 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-27861 – L2 network filtering bypass using stacked VLAN0 and LLC/SNAP headers with invalid lengths

https://notcve.org/view.php?id=CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers) Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando encabezados LLC/SNAP con una longitud no válida (y, opcionalmente, encabezados VLAN0) • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 • CWE-130: Improper Handling of Length Parameter Inconsistency CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.7EPSS: 0%CPEs: 2EXPL: 0

CVE-2021-27854 – L2 network filtering bypass using stacked VLAN0, LLC/SNAP headers, and Ethernet to Wifi frame translation

https://notcve.org/view.php?id=CVE-2021-27854

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. Las capacidades de filtrado de red de capa 2, como la protección RA de IPv6, pueden omitirse usando combinaciones de encabezados VLAN 0, encabezados LLC/SNAP y convirtiendo tramas de Ethernet a Wifi y su inversa • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 • CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.7EPSS: 0%CPEs: 312EXPL: 1

CVE-2021-27853 – L2 network filtering can be bypassed using stacked VLAN0 and LLC/SNAP headers

https://notcve.org/view.php?id=CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers. Las capacidades de filtrado de la red de capa 2, como la protección IPv6 RA o la inspección ARP, pueden omitirse usando combinaciones de encabezados VLAN 0 y encabezados LLC/SNAP • https://blog.champtar.fr/VLAN0_LLC_SNAP https://datatracker.ietf.org/doc/draft-ietf-v6ops-ra-guard/08 https://kb.cert.org/vuls/id/855201 https://standards.ieee.org/ieee/802.1Q/10323 https://standards.ieee.org/ieee/802.2/1048 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-VU855201-J3z8CKTX • CWE-290: Authentication Bypass by Spoofing •

CVSS: 4.3EPSS: 0%CPEs: 385EXPL: 1

CVE-2020-24588 – kernel: wifi frame payload being parsed incorrectly as an L2 frame

https://notcve.org/view.php?id=CVE-2020-24588

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. El estándar 802.11 que sustenta a Wi-Fi Protected Access (WPA, WPA2, y WPA3) y Wired Equivalent Privacy (WEP) no requiere que el flag A-MSDU en el campo de encabezado QoS de texto plano esté autenticada. Contra dispositivos que admiten la recepción de tramas A-MSDU que no son SSP (que es obligatorio como parte de 802.11n), un adversario puede abusar de esto para inyectar paquetes de red arbitrarios A flaw was found in the Linux kernels wifi implementation. An attacker within wireless broadcast range can inject custom data into the wireless communication circumventing checks on the data. • http://www.openwall.com/lists/oss-security/2021/05/11/12 https://cert-portal.siemens.com/productcert/pdf/ssa-913875.pdf https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html https://lists.debian.org/debian-lts-announce/2023/04/msg00002.html https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wifi-faf-22epcEWu https: • CWE-20: Improper Input Validation CWE-327: Use of a Broken or Risky Cryptographic Algorithm •