VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers | allinfosecnews.com

Sept. 27, 2022, 4:13 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview

Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.

Description

This vulnerability exists within Ethernet encapsulation protocols that allow for stacking of Virtual Local Area Network (VLAN) headers. Network standards such as IEEE 802.1Q-1998 and IEEE 802.3 define a system …

controls headers network network security security security controls vlan

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#163057: BMC software fails to validate IPMI session. 1 month ago | kb.cert.org

abuse access attacker baseboard management controller +17

VU#238194: R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds … 1 month ago | kb.cert.org

arbitrary code arbitrary code execution attacker can +15

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 month, 2 weeks ago | kb.cert.org

application arbitrary code attacker attackers +14

VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 1 month, 3 weeks ago | kb.cert.org

arbitrary code attackers cases code +15

VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 1 month, 3 weeks ago | kb.cert.org

architectures attacker attacks bhi +20

VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 1 month, 4 weeks ago | kb.cert.org

attacks can dos fragments +6

VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 2 months, 1 week ago | kb.cert.org

abuse application applications attacker +18

VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 2 months, 2 weeks ago | kb.cert.org

architectures attacker can conditions +13

VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 2 months, 3 weeks ago | kb.cert.org

app attacks bluetooth called +11

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com