Cisco this week confirmed that dozens of its enterprise routers and switches were affected by bypassing vulnerabilities in its Layer-2 (L2) network security controls.
An attacker can bypass the controls provided by these enterprise devices by sending fabricated packets that can trigger a denial of service (DoS) or allow them to perform a man-in-the-middle attack. -in-the-middle (MitM).
A total of four medium severity security issues were found in the L2 network security controls, in the Ethernet encapsulated protocols, the CERT Coordination Center (CERT/CC) at Carnegie Mellon University notes. received in a consultation.
Tracked as CVE-2021-27853, CVE-2021-27854, CVE-2021-27861, and CVE-2021-27862, these vulnerabilities each represent a different type of bypass of Layer 2 network packet inspection. .
These flaws allow stacking of virtual local area network (VLAN) and 802.2 LLC/SNAP headers, allowing attackers to bypass various device filtering capabilities, including IPv6 RA Guard, inspection Dynamic ARP and IPv6 Neighbor Discovery (ND) protection.
“An attacker can bypass security controls and trick a locally connected target server into routing traffic to arbitrary destinations. The victim’s devices encounter DoS (black traffic) or MitM (observes unencrypted traffic and can break encryption),” the CERT/CC advice reads.
CERT/CC says that more than 200 vendors have been alerted to these vulnerabilities, but only two of them have confirmed the impact, Cisco and Juniper Networks.
While Juniper Networks considers the severity of these bugs to be below the “disclosure threshold,” this week Cisco issued advice to share details about potentially affected devices.
The tech giant said that many models of enterprise routers and switches running their IOS, IOS XE, IOS XR and NX-OS software are affected, as well as some models of small business switches, but note that no firmware updates will be released for most affected products.
According to Cisco, software releases 17.6.3 and 17.8.1 for the XE IOS switches contain patches for CVE-2021-27853.
Cisco says CVE-2021-27854 and CVE-2021-27862 do not affect their products. However, while investigating the potential impact of CVE-2021-27854 on its access points, the tech giant identified another serious problem in these products.
Tracked as CVE-2022-20728, the vulnerability could allow “adjacent, unauthenticated attackers to inject packets from the original VLAN to clients in idle VLANs on a single device.” affected,” explains Cisco.
The company also notes that it is aware that the proof-of-concept (PoC) exploit code targeting these vulnerabilities exists publicly.
Related: Cisco High Severity Vulnerability Patch in Enterprise Switches
Related: Cisco High Severity Vulnerability Patch in Security Solutions
Related: Cisco patches critical vulnerability in email security appliance
Ionut Arghire is an international correspondent for SecurityWeek.
Card:
