all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

VU#855201: L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers

Add to bookmarks
Sept. 27, 2022, 4:13 p.m. |

CERT Recently Published Vulnerability Notes kb.cert.org

Overview


Layer-2 (L2) network security controls provided by various devices, such as switches, routers, and operating systems, can be bypassed by stacking Ethernet protocol headers. An attacker can send crafted packets through vulnerable devices to cause Denial-of-service (DoS) or to perform a man-in-the-middle (MitM) attack against a target network.


Description


This vulnerability exists within Ethernet encapsulation protocols that allow for stacking of Virtual Local Area Network (VLAN) headers. Network standards such as IEEE 802.1Q-1998 and IEEE 802.3 define a system …

controls headers network network security security security controls vlan

Visit resource

More from kb.cert.org / CERT Recently Published Vulnerability Notes

VU#253266: Keras 2 Lambda Layers Allow Arbitrary Code Injection in TensorFlow Models 1 week, 2 days ago | kb.cert.org
application arbitrary code attacker attackers +14
VU#123335: Multiple Programming Languages Fail to Escape Arguments Properly in Microsoft Windows 2 weeks, 1 day ago | kb.cert.org
arbitrary code attackers cases code +15
VU#155143: Linux kernel on Intel systems is susceptible to Spectre v2 attacks 2 weeks, 2 days ago | kb.cert.org
architectures attacker attacks bhi +20
VU#421644: HTTP/2 CONTINUATION frames can be utilized for DoS attacks 3 weeks, 1 day ago | kb.cert.org
attacks can dos fragments +6
VU#417980: UDP-based, application-layer protocol implementations are vulnerable to network loops 1 month ago | kb.cert.org
abuse application applications attacker +18
VU#488902: CPU hardware utilizing speculative execution may be vulnerable to speculative race conditions 1 month, 1 week ago | kb.cert.org
architectures attacker can conditions +13
VU#949046: Sceiner firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file … 1 month, 2 weeks ago | kb.cert.org
app attacks bluetooth called +11
VU#446598: GPU kernel implementations susceptible to memory leak 3 months, 1 week ago | kb.cert.org
access amd apple attacker +18
VU#302671: SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies 3 months, 1 week ago | kb.cert.org
attacker bypass can data +17

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

IT Security Manager

@ Teltonika | Vilnius/Kaunas, VL, LT
View on infosec-jobs.com

Security Officer - Part Time - Harrah's Gulf Coast

@ Caesars Entertainment | Biloxi, MS, United States
View on infosec-jobs.com

DevSecOps Full-stack Developer

@ Peraton | Fort Gordon, GA, United States
View on infosec-jobs.com

Cybersecurity Cooperation Lead

@ Peraton | Stuttgart, AE, United States
View on infosec-jobs.com

Cybersecurity Engineer - Malware & Forensics

@ ManTech | 201DU - Customer Site,Herndon, VA
View on infosec-jobs.com
View more jobs