Vulnerabilities > Ietf > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-27 CVE-2021-27854 Authentication Bypass by Spoofing vulnerability in multiple products
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using combinations of VLAN 0 headers, LLC/SNAP headers, and converting frames from Ethernet to Wifi and its reverse.
low complexity
ieee ietf CWE-290
4.7
2022-09-27 CVE-2021-27861 Authentication Bypass by Spoofing vulnerability in multiple products
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length (and optionally VLAN0 headers)
low complexity
ieee ietf CWE-290
4.7
2022-09-27 CVE-2021-27862 Authentication Bypass by Spoofing vulnerability in multiple products
Layer 2 network filtering capabilities such as IPv6 RA guard can be bypassed using LLC/SNAP headers with invalid length and Ethernet to Wifi frame conversion (and optionally VLAN0 headers).
low complexity
ieee ietf CWE-290
4.7
2022-09-27 CVE-2021-27853 Authentication Bypass by Spoofing vulnerability in multiple products
Layer 2 network filtering capabilities such as IPv6 RA guard or ARP inspection can be bypassed using combinations of VLAN 0 headers and LLC/SNAP headers.
low complexity
ieee ietf cisco CWE-290
4.7
2021-01-20 CVE-2020-20949 Inadequate Encryption Strength vulnerability in multiple products
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in STM32 cryptographic firmware library software expansion for STM32Cube (UM1924).
network
st ietf CWE-326
4.3
2021-01-19 CVE-2020-20950 Use of a Broken or Risky Cryptographic Algorithm vulnerability in multiple products
Bleichenbacher's attack on PKCS #1 v1.5 padding for RSA in Microchip Libraries for Applications 2018-11-26 All up to 2018-11-26.
4.3
2018-09-06 CVE-2018-5389 Weak Password Requirements vulnerability in Ietf Internet KEY Exchange 1.0
The Internet Key Exchange v1 main mode is vulnerable to offline dictionary or brute force attacks.
network
high complexity
ietf CWE-521
5.9
2009-01-05 CVE-2004-2761 Cryptographic Issues vulnerability in Ietf MD5
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate.
network
low complexity
ietf CWE-310
5.0