MidnightBSD

Advisories for ieee

CVE-2004-0459 MEDIUM

The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ieee 802.11_wireless_protocol *
CVE-2004-1038 HIGH

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ieee firewire_ieee 1394
CVE-2020-24586 LOW

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that received fragments be cleared from memory after (re)connecting to a network. Under the right circumstances, when another device sends fragmented frames encrypted using WEP, CCMP, or GCMP, this can be abused to inject arbitrary network packets and/or exfiltrate user data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
ieee ieee_802.11 *
intel ac_9462_firmware *
intel ac_7265_firmware *
intel ac_8260_firmware *
linux mac80211 -
linux linux_kernel *
debian debian_linux 9.0
intel ac_3165_firmware *
arista c-260_firmware *
intel ax1675_firmware -
arista c-235_firmware *
intel ax200_firmware *
intel ac_9560_firmware *
arista c-200_firmware *
intel ac_9461_firmware *
intel ax210_firmware *
intel ac_9260_firmware *
arista c-230_firmware *
intel ac_3168_firmware *
intel ac_1550_firmware -
intel ax201_firmware *
intel ac_8265_firmware *
intel ax1650_firmware -
arista c-250_firmware *
CVE-2020-24587 LOW

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that all fragments of a frame are encrypted under the same key. An adversary can abuse this to decrypt selected fragments when another device sends fragmented frames and the WEP, CCMP, or GCMP encryption key is periodically renewed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 2.6 LOW CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N 1.2 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
cisco catalyst_9115_ap_firmware -
intel wi-fi_6_ax200_firmware -
intel proset_ac_8265_firmware -
cisco ir829gw-lte-ga-ek9_firmware -
cisco webex_board_70_firmware -
cisco meraki_mr46e_firmware -
cisco aironet_3800e_firmware -
cisco meraki_gr60_firmware -
intel proset_ac_9260_firmware -
cisco catalyst_iw6300_firmware -
cisco aironet_1800_firmware -
cisco aironet_2702_firmware -
cisco meraki_mr36_firmware -
arista w-68_firmware -
cisco meraki_mr32_firmware -
intel proset_ac_8260_firmware -
linux mac80211 -
linux linux_kernel *
intel proset_wireless_7265_(rev_d)_firmware -
cisco aironet_1810w_firmware -
intel proset_ac_9560_firmware -
intel proset_wi-fi_6e_ax210_firmware -
cisco esw6300_firmware -
intel proset_wi-fi_6_ax201_firmware -
cisco webex_board_55_firmware -
cisco aironet_iw3702_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
cisco aironet_3800p_firmware -
cisco catalyst_9130_firmware -
cisco ip_phone_6861_firmware -
cisco webex_room_70_firmware -
arista c-235_firmware -
cisco catalyst_9117axi_firmware -
cisco webex_board_85s_firmware -
cisco catalyst_9105_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco meraki_mr26_firmware -
cisco webex_room_55_dual_firmware -
cisco ir829gw-lte-na-ak9_firmware -
cisco aironet_2800i_firmware -
cisco catalyst_9115axe_firmware -
arista c-130_firmware -
cisco meraki_mr86_firmware -
cisco catalyst_9124axi_firmware -
cisco catalyst_9120_firmware -
cisco meraki_mr12_firmware -
cisco aironet_2800_firmware -
cisco meraki_mr62_firmware -
cisco webex_board_70s_firmware -
cisco webex_room_kit_firmware -
cisco meraki_mr84_firmware -
cisco ip_phone_8832_firmware -
cisco aironet_1842_firmware -
cisco meraki_gr10_firmware -
cisco aironet_1810_firmware -
cisco catalyst_9124_firmware -
intel wi-fi_6_ax201_firmware -
cisco aironet_1552h_firmware -
cisco catalyst_9120_ap_firmware -
cisco aironet_1552_firmware -
cisco meraki_mr55_firmware -
cisco meraki_mr76_firmware -
intel proset_wi-fi_6_ax200_firmware -
cisco aironet_1542d_firmware -
cisco catalyst_iw6300_ac_firmware -
cisco meraki_mr33_firmware -
arista c-200_firmware -
cisco aironet_1532_firmware -
cisco webex_dx70_firmware -
cisco meraki_mx68cw_firmware -
cisco meraki_mr72_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mr70_firmware -
cisco meraki_mr42_firmware -
cisco meraki_mr53e_firmware -
cisco meraki_z3_firmware -
cisco aironet_2800e_firmware -
intel ac_8265_firmware -
cisco 1109-2p_firmware -
cisco 1100_firmware -
cisco aironet_1852_firmware -
intel ac_9560_firmware -
cisco catalyst_9124axd_firmware -
cisco ip_phone_8861_firmware -
cisco aironet_1572_firmware -
intel proset_ac_9462_firmware -
cisco meraki_mr30h_firmware -
cisco meraki_mr34_firmware -
cisco catalyst_9120axp_firmware -
cisco webex_board_55s_firmware -
cisco catalyst_9120axe_firmware -
arista c-75_firmware -
cisco meraki_mr52_firmware -
intel killer_ac_1550_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
cisco aironet_1702_firmware -
arista c-250_firmware -
arista c-65_firmware -
arista c-100_firmware -
cisco catalyst_9130axe_firmware -
cisco 1100-8p_firmware -
cisco 1101-4p_firmware -
cisco aironet_ap803_firmware -
debian debian_linux 9.0
cisco ir829gw-lte-vz-ak9_firmware -
cisco aironet_1542i_firmware -
cisco catalyst_9117_ap_firmware -
cisco aironet_1832_firmware -
cisco meraki_mr46_firmware -
cisco aironet_1800i_firmware -
cisco meraki_mx67cw_firmware -
cisco catalyst_9115axi_firmware -
cisco ip_phone_8821_firmware -
cisco meraki_mr66_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco webex_room_55_firmware -
cisco webex_dx80_firmware -
cisco ir829-2lte-ea-bk9_firmware -
cisco aironet_3800_firmware -
arista w-118_firmware -
cisco aironet_1815_firmware -
cisco webex_room_kit_mini_firmware -
cisco catalyst_9105axi_firmware -
cisco 1109-4p_firmware -
cisco meraki_mr74_firmware -
arista c-260_firmware -
cisco catalyst_9130_ap_firmware -
cisco meraki_z3c_firmware -
intel proset_ac_3168_firmware -
arista c-230_firmware -
cisco catalyst_iw6300_dc_firmware -
ieee ieee_802.11 *
cisco webex_room_70_single_firmware -
cisco meraki_mx65w_firmware -
cisco meraki_mr42e_firmware -
cisco meraki_mr45_firmware -
arista c-120_firmware -
cisco ip_phone_8865_firmware -
intel proset_ac_3165_firmware -
cisco catalyst_9115_firmware -
cisco catalyst_9117_firmware -
arista o-105_firmware -
cisco aironet_1815i_firmware -
arista o-90_firmware -
cisco 1100-4p_firmware -
cisco meraki_mx67w_firmware -
cisco aironet_3800i_firmware -
cisco aironet_3702_firmware -
cisco catalyst_9120axi_firmware -
cisco meraki_mr20_firmware -
cisco catalyst_iw6300_dcw_firmware -
cisco meraki_mr56_firmware -
intel proset_ac_9461_firmware -
intel ac_9260_firmware -
cisco aironet_4800_firmware -
cisco catalyst_9105axw_firmware -
cisco webex_room_70_single_g2_firmware -
cisco ir829-2lte-ea-ak9_firmware -
cisco meraki_mx64w_firmware -
cisco webex_room_70_dual_firmware -
arista c-110_firmware -
cisco meraki_mr44_firmware -
cisco meraki_mr53_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
intel ac_8260_firmware -
cisco meraki_mx68w_firmware -
cisco catalyst_9130axi_firmware -
CVE-2020-24588 LOW

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.5 LOW CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N 2.1 1.4

CVSS 2.0

Severity: LOW

Problem Type: CWE-327,

Products Affected

Vendor Product Version
cisco catalyst_9115_ap_firmware -
microsoft windows_7 -
intel wi-fi_6_ax200_firmware -
intel proset_ac_8265_firmware -
cisco ir829gw-lte-ga-ek9_firmware -
cisco webex_board_70_firmware -
microsoft windows_server_2008 r2
cisco meraki_mr46e_firmware -
microsoft windows_server_2012 -
cisco meraki_gr60_firmware -
intel proset_ac_9260_firmware -
cisco aironet_1800_firmware -
cisco meraki_mr36_firmware -
siemens scalance_wam763-1_firmware -
arista w-68_firmware -
siemens scalance_w722-1_firmware -
microsoft windows_server_2016 -
cisco meraki_mr32_firmware -
intel proset_ac_8260_firmware -
linux mac80211 -
linux linux_kernel *
intel proset_wireless_7265_(rev_d)_firmware -
cisco aironet_1810w_firmware -
intel proset_ac_9560_firmware -
intel proset_wi-fi_6e_ax210_firmware -
siemens scalance_w786-1_firmware -
intel proset_wi-fi_6_ax201_firmware -
cisco webex_board_55_firmware -
microsoft windows_10 1809
cisco aironet_iw3702_firmware -
cisco ir829gw-lte-ga-sk9_firmware -
siemens scalance_w761-1_firmware -
cisco catalyst_9130_firmware -
cisco ip_phone_6861_firmware -
cisco webex_room_70_firmware -
siemens scalance_w788-1_firmware -
arista c-235_firmware -
microsoft windows_10 1909
cisco catalyst_9117axi_firmware -
cisco webex_board_85s_firmware -
cisco catalyst_9105_firmware -
siemens scalance_w734-1_firmware -
cisco ir829gw-lte-ga-ck9_firmware -
cisco meraki_mr26_firmware -
cisco webex_room_55_dual_firmware -
cisco ir829gw-lte-na-ak9_firmware -
cisco catalyst_9115axe_firmware -
siemens scalance_wum763-1_firmware -
arista c-130_firmware -
siemens scalance_w1750d_firmware -
cisco meraki_mr86_firmware -
siemens scalance_w1788-2_firmware -
cisco catalyst_9124axi_firmware -
cisco catalyst_9120_firmware -
cisco meraki_mr12_firmware -
cisco meraki_mr62_firmware -
cisco webex_board_70s_firmware -
siemens scalance_wum766-1_firmware -
cisco webex_room_kit_firmware -
cisco meraki_mr84_firmware -
cisco ip_phone_8832_firmware -
cisco aironet_1842_firmware -
cisco meraki_gr10_firmware -
siemens scalance_w1748-1_firmware -
cisco aironet_1810_firmware -
cisco catalyst_9124_firmware -
siemens scalance_w786-2_firmware -
intel wi-fi_6_ax201_firmware -
cisco catalyst_9120_ap_firmware -
cisco meraki_mr55_firmware -
cisco meraki_mr76_firmware -
intel proset_wi-fi_6_ax200_firmware -
cisco aironet_1542d_firmware -
cisco meraki_mr33_firmware -
arista c-200_firmware -
cisco aironet_1532_firmware -
cisco webex_dx70_firmware -
siemens scalance_w774-1_firmware -
cisco meraki_mx68cw_firmware -
cisco meraki_mr72_firmware -
cisco ir829-2lte-ea-ek9_firmware -
cisco meraki_mr70_firmware -
cisco meraki_mr42_firmware -
siemens scalance_wam766-1_6ghz_firmware -
cisco meraki_mr53e_firmware -
cisco meraki_z3_firmware -
intel ac_8265_firmware -
cisco 1109-2p_firmware -
cisco 1100_firmware -
cisco aironet_1852_firmware -
intel ac_9560_firmware -
cisco catalyst_9124axd_firmware -
cisco ip_phone_8861_firmware -
intel proset_ac_9462_firmware -
cisco meraki_mr30h_firmware -
cisco meraki_mr34_firmware -
cisco catalyst_9120axp_firmware -
cisco webex_board_55s_firmware -
microsoft windows_10 -
cisco catalyst_9120axe_firmware -
arista c-75_firmware -
cisco meraki_mr52_firmware -
intel killer_ac_1550_firmware -
intel killer_wi-fi_6e_ax1675_firmware -
arista c-250_firmware -
arista c-65_firmware -
arista c-100_firmware -
cisco catalyst_9130axe_firmware -
microsoft windows_rt_8.1 -
cisco 1100-8p_firmware -
cisco 1101-4p_firmware -
siemens scalance_w738-1_firmware -
siemens scalance_wum766-1_6ghz_firmware -
cisco aironet_ap803_firmware -
microsoft windows_10 1607
debian debian_linux 9.0
cisco ir829gw-lte-vz-ak9_firmware -
cisco aironet_1542i_firmware -
cisco catalyst_9117_ap_firmware -
cisco aironet_1832_firmware -
cisco meraki_mr46_firmware -
siemens scalance_w1788-1_firmware -
cisco aironet_1800i_firmware -
cisco meraki_mx67cw_firmware -
cisco catalyst_9115axi_firmware -
siemens scalance_w1788-2ia_firmware -
cisco ip_phone_8821_firmware -
cisco meraki_mr66_firmware -
intel killer_wi-fi_6_ax1650_firmware -
cisco webex_room_55_firmware -
cisco webex_dx80_firmware -
cisco ir829-2lte-ea-bk9_firmware -
arista w-118_firmware -
cisco aironet_1815_firmware -
cisco webex_room_kit_mini_firmware -
cisco catalyst_9105axi_firmware -
microsoft windows_8.1 -
microsoft windows_10 1803
cisco 1109-4p_firmware -
cisco meraki_mr74_firmware -
arista c-260_firmware -
cisco catalyst_9130_ap_firmware -
cisco meraki_z3c_firmware -
intel proset_ac_3168_firmware -
siemens scalance_w786-2ia_firmware -
arista c-230_firmware -
ieee ieee_802.11 *
microsoft windows_server_2016 2004
cisco webex_room_70_single_firmware -
cisco meraki_mx65w_firmware -
cisco meraki_mr42e_firmware -
cisco meraki_mr45_firmware -
arista c-120_firmware -
cisco ip_phone_8865_firmware -
microsoft windows_10 20h2
intel proset_ac_3165_firmware -
cisco catalyst_9115_firmware -
cisco catalyst_9117_firmware -
arista o-105_firmware -
cisco aironet_1815i_firmware -
microsoft windows_server_2019 -
arista o-90_firmware -
cisco 1100-4p_firmware -
siemens scalance_w778-1_firmware -
microsoft windows_server_2008 -
cisco meraki_mx67w_firmware -
siemens scalance_w788-2_firmware -
cisco catalyst_9120axi_firmware -
cisco meraki_mr20_firmware -
cisco meraki_mr56_firmware -
intel proset_ac_9461_firmware -
intel ac_9260_firmware -
cisco catalyst_9105axw_firmware -
cisco webex_room_70_single_g2_firmware -
cisco ir829-2lte-ea-ak9_firmware -
cisco meraki_mx64w_firmware -
cisco webex_room_70_dual_firmware -
siemens scalance_w721-1_firmware -
siemens scalance_w748-1_firmware -
siemens scalance_wam766-1_firmware -
arista c-110_firmware -
microsoft windows_10 2004
cisco meraki_mr44_firmware -
cisco meraki_mr53_firmware -
cisco webex_room_70_dual_g2_firmware -
cisco ir829gw-lte-ga-zk9_firmware -
intel ac_8260_firmware -
cisco meraki_mx68w_firmware -
cisco catalyst_9130axi_firmware -
CVE-2021-27853

Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.

Products Affected

Vendor Product Version
cisco nexus_9636pq_firmware 9.3(5)
cisco catalyst_6509-v-e_firmware 15.5(01.01.85)sy07
cisco nexus_x9636q-r_firmware 9.3(5)
cisco sg500x-24_firmware 3.0.0.61
cisco nexus_93360yc-fx2_firmware 9.3(5)
cisco nexus_9272q_firmware 9.3(5)
cisco nexus_9800_firmware 9.3(5)
cisco catalyst_c6840-x-le-40g_firmware 15.5(01.01.85)sy07
cisco catalyst_6880-x_firmware 15.5(01.01.85)sy07
cisco meraki_ms450_firmware -
cisco meraki_ms350_firmware -
cisco sf-500-24mp_firmware 3.0.0.61
cisco nexus_9348gc-fxp_firmware 9.3(5)
cisco sf500-24p_firmware 3.0.0.61
cisco nexus_9736pq_firmware 9.3(5)
cisco n9k-x9432c-s_firmware 9.3(5)
cisco nexus_9336c-fx2-e_firmware 9.3(5)
cisco sf500-24_firmware 3.0.0.61
cisco sg500-52_firmware 3.0.0.61
cisco n9k-x9464tx2_firmware 9.3(5)
cisco n9k-x9788tc-fx_firmware 9.3(5)
cisco sg500x-48_firmware 3.0.0.61
cisco nexus_9716d-gx_firmware 9.3(5)
cisco sg500-28_firmware 3.0.0.61
cisco nexus_92348gc-x_firmware 9.3(5)
cisco nexus_9332c_firmware 9.3(5)
cisco catalyst_c6824-x-le-40g_firmware 15.5(01.01.85)sy07
cisco ios_xe 15.2(07)e02
cisco n9k-x9736c-fx_firmware 9.3(5)
cisco n9k-x9732c-fx_firmware 9.3(5)
cisco meraki_ms390_firmware -
cisco nexus_93180yc-ex_firmware 9.3(5)
cisco n9k-x9564tx_firmware 9.3(5)
cisco n9k-x9464px_firmware 9.3(5)
cisco catalyst_6800ia_firmware 15.5(01.01.85)sy07
cisco meraki_ms410_firmware -
cisco meraki_ms355_firmware -
cisco catalyst_6504-e_firmware 15.5(01.01.85)sy07
cisco catalyst_6807-xl_firmware 15.5(01.01.85)sy07
cisco sg500x-24mpp_firmware 3.0.0.61
cisco catalyst_6509-neb-a_firmware 15.5(01.01.85)sy07
cisco nexus_92300yc_firmware 9.3(5)
cisco catalyst_c6816-x-le_firmware 15.5(01.01.85)sy07
cisco ios_xe 17.4.1
cisco nexus_9508_firmware 9.3(5)
cisco sf500-18p_firmware 3.0.0.61
cisco meraki_ms210_firmware -
cisco catalyst_6513-e_firmware 15.5(01.01.85)sy07
cisco nexus_93180yc-fx_firmware 9.3(5)
cisco ios_xe 17.3.3
cisco nexus_93180yc-fx3_firmware 9.3(5)
cisco nexus_9504_firmware 9.3(5)
cisco nexus_92160yc-x_firmware 9.3(5)
cisco n9k-c9316d-gx_firmware 9.3(5)
cisco nexus_93240yc-fx2_firmware 9.3(5)
cisco sf500-48mp_firmware 3.0.0.61
cisco meraki_ms420_firmware -
cisco sg500x-48p_firmware 3.0.0.61
cisco nexus_9364c-gx_firmware 9.3(5)
cisco sf500-48_firmware 3.0.0.61
cisco sg500-28p_firmware 3.0.0.61
cisco catalyst_6509-e_firmware 15.5(01.01.85)sy07
cisco n9k-c9332d-gx2b_firmware 9.3(5)
cisco nexus_9236c_firmware 9.3(5)
cisco n9k-x9636c-r_firmware 9.3(5)
cisco nexus_93216tc-fx2_firmware 9.3(5)
cisco n9k-x9732c-ex_firmware 9.3(5)
ieee ieee_802.2 *
cisco ios_xe 15.2(07)e03
cisco n9k-x97160yc-ex_firmware 9.3(5)
cisco nexus_93120tx_firmware 9.3(5)
cisco nexus_9336c-fx2_firmware 9.3(5)
cisco nexus_93108tc-fx3p_firmware 9.3(5)
cisco sg500x-48mpp_firmware 3.0.0.61
cisco nexus_92304qc_firmware 9.3(5)
cisco meraki_ms250_firmware -
cisco sg500-28mpp_firmware 3.0.0.61
cisco n9k-c9348d-gx2a_firmware 9.3(5)
cisco nexus_9516_firmware 9.3(5)
cisco n9k-x9636c-rx_firmware 9.3(5)
cisco meraki_ms225_firmware -
cisco nexus_9536pq_firmware 9.3(5)
cisco catalyst_6503-e_firmware 15.5(01.01.85)sy07
cisco sg500x-24p_firmware 3.0.0.61
cisco n9k-c93600cd-gx_firmware 9.3(5)
cisco sg500-52p_firmware 3.0.0.61
cisco ios_xe 17.6.1
cisco catalyst_6506-e_firmware 15.5(01.01.85)sy07
cisco nexus_9364c_firmware 9.3(5)
cisco nexus_93108tc-ex_firmware 9.3(5)
cisco nexus_9432pq_firmware 9.3(5)
cisco sg500-52mp_firmware 3.0.0.61
cisco catalyst_c6832-x-le_firmware 15.5(01.01.85)sy07
cisco n9k-x9736c-ex_firmware 9.3(5)
cisco meraki_ms425_firmware -
cisco n9k-x9564px_firmware 9.3(5)
cisco n9k-c9364d-gx2a_firmware 9.3(5)
cisco catalyst_6840-x_firmware 15.5(01.01.85)sy07
ietf p802.1q *
cisco nexus_93108tc-fx_firmware 9.3(5)
CVE-2021-27854

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
ieee ieee_802.2 *
ietf p802.1q *
CVE-2021-27861

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
ieee ieee_802.2 *
ietf p802.1q *
CVE-2021-27862

Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.7 MEDIUM CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N 2.8 1.4

Products Affected

Vendor Product Version
ieee ieee_802.2 *
ietf p802.1q *
CVE-2022-47522

The IEEE 802.11 specifications through 802.11ax allow physically proximate attackers to intercept (possibly cleartext) target-destined frames by spoofing a target's MAC address, sending Power Save frames to the access point, and then sending other frames to the access point (such as authentication frames or re-association frames) to remove the target's original security context. This behavior occurs because the specifications do not require an access point to purge its transmit queue before removing a client's pairwise encryption key.

Products Affected

Vendor Product Version
ieee ieee_802.11 *
sonicwall tz350w_firmware -
sonicwall tz350_firmware -
sonicwall soho_250_firmware -
sonicwall tz370_firmware -
sonicwall sonicwave_432o_firmware -
sonicwall tz270_firmware -
sonicwall tz270w_firmware -
sonicwall sonicwave_224w_firmware -
sonicwall sonicwave_231c_firmware -
sonicwall tz570_firmware -
sonicwall tz370w_firmware -
sonicwall sonicwave_681_firmware -
sonicwall tz400_firmware -
sonicwall tz300_firmware -
sonicwall tz600p_firmware -
sonicwall tz670_firmware -
sonicwall soho_250w_firmware -
sonicwall tz570w_firmware -
sonicwall tz470_firmware -
sonicwall tz400w_firmware -
sonicwall tz500_firmware -
sonicwall tz470w_firmware -
sonicwall sonicwave_621_firmware -
sonicwall tz600_firmware -
sonicwall tz570p_firmware -
sonicwall tz300w_firmware -
sonicwall tz500w_firmware -
sonicwall tz300p_firmware -
sonicwall sonicwave_641_firmware -