Security News > 2022 > September > Ethernet VLAN Stacking flaws let hackers launch DoS, MiTM attacks
Four vulnerabilities in the widely adopted 'Stacked VLAN' Ethernet feature allows attackers to perform denial-of-service or man-in-the-middle attacks against network targets using custom-crafted packets.
Stacked VLANs, also known as VLAN Stacking, is a feature in modern routers and switches that allows companies to encapsulate multiple VLAN IDs into a single VLAN connection shared with an upstream provider.
"With stacked VLANs, service providers can use a unique VLAN to support customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service-provider infrastructure even when they appear to be on the same VLAN," explains Cisco's documentation on the feature.
The vulnerabilities exist in the Ethernet encapsulation protocols that allow the stacking of Virtual Local Area Network headers.
CVE-2021-27854 Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers in Ethernet to Wifi frame translation, and the reverse Wifi to Ethernet.
One thing to note is that in modern cloud-based virtualization and virtual networking products, the L2 network capability extends beyond LAN, so the exposure of these flaws could be extended to the internet.
News URL
Related news
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- MiTM phishing attack can let attackers unlock and steal a Tesla (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)
- New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems (source)
- New ‘Loop DoS’ attack may impact up to 300,000 online systems (source)
- Some 300,000 IPs vulnerable to this Loop DoS attack (source)
- Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others (source)
- US sanctions APT31 hackers behind critical infrastructure attacks (source)
- Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-27 | CVE-2021-27854 | Authentication Bypass by Spoofing vulnerability in multiple products Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse. | 4.7 |