CVE-2021-27862 Filtering on the Layer 2 network can be bypassed using invalid LLC/SNAP headers and Ethernet to Wifi frame conversion.
These types of bypasses are possible if the device being targeted is running an operating system that supports these Layer 2 technologies. Operating systems such as Microsoft Windows 10, Linux 4.14 and Cisco IOS 15.6 and later releases support the following Layer 2 technologies:
Native VXLAN – Cisco IOS native support for native VXLAN tunneling.
RFC 6818 – RFC 6818 is the latest version of the SNAP standard. RFC 6818 is currently in Draft status, which means it is still in the process of being finalized.
Ethernet to Wifi – This technology is used where the Ethernet device or the data center equipment does not support the 802.11x standards. It allows the Wifi device to convert Ethernet frames into 802.11x frames and then transmit them over the Wifi network.
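As an added example (not code from the advisory, the affected vendors, or any real filter implementation), the following Python shows the gap the CVE title describes: a filter that classifies frames only by the Ethernet II EtherType never examines the EtherType carried inside an 802.3 LLC/SNAP header, so SNAP-encapsulated traffic is not matched by the policy, and a frame with a malformed SNAP header is passed through just the same. The strict classifier beside it decodes LLC/SNAP and drops anything it cannot validate. All frames, MAC addresses and the blocking policy are constructed for the example.

```python
"""Strict vs. naive Layer 2 frame filtering (added example; not the advisory's code).

All frames below are constructed in memory so the script runs offline. A filter
that only reads bytes 12-13 of the frame as an EtherType never sees the EtherType
carried inside an 802.3 LLC/SNAP header, so SNAP-encapsulated traffic slips past
a policy written in terms of EtherTypes. A parser that decodes LLC/SNAP and drops
whatever it cannot validate closes that gap (fail closed).
"""
import struct
from typing import Optional, Set, Tuple

ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
SNAP_SAP = 0xAA                              # DSAP/SSAP value announcing a SNAP header
LLC_CONTROL_UI = 0x03                        # Unnumbered Information control byte used with SNAP
OUI_ENCAPSULATED_ETHERNET = b"\x00\x00\x00"  # OUI 00-00-00: an EtherType follows
MIN_ETHERTYPE = 0x0600                       # below this the 802.3 field is a length, not a type


def classify_frame(frame: bytes) -> Tuple[str, Optional[int]]:
    """Return (kind, ethertype) with kind in {'ethernet2', 'llc', 'llc_snap', 'invalid'}.

    Every inconsistency (bad length, truncated header, wrong control byte,
    unexpected OUI) yields 'invalid' so the caller can drop the frame.
    """
    if len(frame) < 14:
        return ("invalid", None)
    type_or_len = struct.unpack("!H", frame[12:14])[0]
    if type_or_len >= MIN_ETHERTYPE:
        return ("ethernet2", type_or_len)

    payload = frame[14:]
    # The 802.3 length field must be consistent with the bytes actually present.
    if type_or_len < 3 or len(payload) < type_or_len:
        return ("invalid", None)
    payload = payload[:type_or_len]
    dsap, ssap, control = payload[0], payload[1], payload[2]
    if dsap != SNAP_SAP or ssap != SNAP_SAP:
        return ("llc", None)            # plain LLC, e.g. a bridge protocol PDU
    # SNAP: control must be UI and five more bytes (OUI + EtherType) must exist.
    if control != LLC_CONTROL_UI or len(payload) < 8:
        return ("invalid", None)
    if payload[3:6] != OUI_ENCAPSULATED_ETHERNET:
        return ("invalid", None)        # vendor-private OUI: no EtherType to check
    return ("llc_snap", struct.unpack("!H", payload[6:8])[0])


def naive_filter_decision(frame: bytes, blocked: Set[int]) -> str:
    """Weak filter: trusts bytes 12-13 as an EtherType and allows everything else."""
    if len(frame) < 14:
        return "drop"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    return "drop" if ethertype in blocked else "allow"


def strict_filter_decision(frame: bytes, blocked: Set[int]) -> str:
    """Hardened filter: classifies the frame fully and drops what it cannot validate."""
    kind, ethertype = classify_frame(frame)
    if kind == "invalid":
        return "drop"
    return "drop" if ethertype in blocked else "allow"


# --- constructed sample frames (not captured traffic) ---
DST = b"\xff\xff\xff\xff\xff\xff"
SRC = b"\x02\x00\x00\x00\x00\x01"            # locally administered, constructed
IPV4_STUB = bytes([0x45]) + b"\x00" * 19     # placeholder for a minimal IPv4 header


def ethernet2_frame(ethertype: int, payload: bytes) -> bytes:
    return DST + SRC + struct.pack("!H", ethertype) + payload


def llc_snap_frame(ethertype: int, payload: bytes, control: int = LLC_CONTROL_UI) -> bytes:
    snap = (bytes([SNAP_SAP, SNAP_SAP, control]) + OUI_ENCAPSULATED_ETHERNET
            + struct.pack("!H", ethertype))
    body = snap + payload
    return DST + SRC + struct.pack("!H", len(body)) + body


ETH2_IPV4 = ethernet2_frame(ETHERTYPE_IPV4, IPV4_STUB)
ETH2_ARP = ethernet2_frame(ETHERTYPE_ARP, b"\x00" * 28)
SNAP_IPV4 = llc_snap_frame(ETHERTYPE_IPV4, IPV4_STUB)               # same IPv4, SNAP-wrapped
BAD_SNAP = llc_snap_frame(ETHERTYPE_IPV4, IPV4_STUB, control=0xE3)  # invalid control byte
PLAIN_LLC = DST + SRC + struct.pack("!H", 3) + bytes([0x42, 0x42, 0x03])  # LLC without SNAP


def compare_filters(blocked: Set[int]):
    """Return {name: (naive_decision, strict_decision)} for every sample frame."""
    samples = {"eth2_ipv4": ETH2_IPV4, "eth2_arp": ETH2_ARP,
               "snap_ipv4": SNAP_IPV4, "bad_snap": BAD_SNAP, "plain_llc": PLAIN_LLC}
    return {name: (naive_filter_decision(f, blocked), strict_filter_decision(f, blocked))
            for name, f in samples.items()}


if __name__ == "__main__":
    # Policy for this example: IPv4 is not allowed on this port.
    for name, (naive, strict) in compare_filters({ETHERTYPE_IPV4}).items():
        print(f"{name:10s} naive={naive:5s} strict={strict}")
```

Running the module prints both filters' decisions for each sample frame. The point to carry into a real filter is the last branch of `strict_filter_decision`: a frame the parser cannot classify is dropped rather than allowed by default, so a deliberately malformed header does not become a way around the policy.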
How to Prevent Your Network from Being Targets for Layer 2 Bypass Attacks
The following are some best practices that can be used to prevent your network from becoming a target for Layer 2 bypass attacks:
1. Develop and deploy a strong security policy – The first step in most cases is to develop and implement a strong security policy. This includes making sure you are using the latest security patches and software updates on all of your devices. This may require reconfiguration of the entire data center to ensure that all devices are running the same versions of software.
2. Patch management – This is one of the most important steps in preventing your network from being targets for Layer 2 bypass attacks. You should patch as many systems as possible, with effective patching schedules, to ensure that any vulnerabilities are patched as quickly as possible. It is also important that you equip your staff with current information about the status of each vulnerability and what action needs to be taken before an exploit can be launched against your network.
3. Ensure that all devices support 802.1x authentication – Every device on your network should support 802.1x authentication, including servers and workstations. In addition, if you have any access points on your network, they should also support 802.1x authentication so they can’t help attackers bypass security controls by connecting directly into the wireless LAN infrastructure rather than through a controller or router.
MAC Address Spoofing
MAC address spoofing allows attackers to change their MAC Address. This is one of the easiest ways for an attacker to bypass security on a network.
MAC address spoofing can be used when the device being targeted does not support the 802.11x standards, such as when it is running Microsoft Windows 10. With a spoofed MAC address, an attacker could slip into a protected network with ease and access valuable data that should be protected by security measures.
How VXLAN Bypasses Work
To understand how VXLAN bypasses work, it is important to know when they are most likely to occur.
When a Layer 2 packet is received by a device that does not support the native VXLAN protocol, this packet will be processed by the software in the device which routes and switches Ethernet traffic.
If the routing and switching software in a non-supported device does not support VXLAN (OpenFlow), packets will be routed using another Layer 2 technology such as 802.1Qbb or 802.1adb, which will then traverse the data center network and reach their intended destination. The original VXLAN tunneling technology that was transmitted with the original Ethernet frame is not used in this case.
How VPNs Work
VPNs create a secure, encrypted tunnel from one computer or device to another. This connection is often made via public networks, such as the internet, but it can also be sent over an untrusted "wireless" network. In order to provide the level of security needed for remote private networks to function, VPNs use encryption techniques that are very similar to those used by HTTPS.
The typical way that these connections work is like this:
The VPN client software runs on each device in the remote private network and establishes a secure connection with a VPN server. The device then sends all outgoing traffic through the VPN server and receives incoming traffic directly from that same server.
The VPN server re-encrypts all data so it's safe before sending it back down the secure tunnel on its way to your device.
Ethernet to Ethernet Bridging
This technology does not require specific hardware to be supported on the device. It is a Layer 2 technology that allows for bridging across Ethernet networks without the need to support 802.11x standards or the need.
The method of exploiting this vulnerability is to first hack into an Ethernet switch and then manipulate traffic through a VLAN ID and MAC address spoofing technique. The attacker can then send malicious traffic to the target network as if it were coming from an authorized device within the targeted network. The attacker could also use this exploit to redirect traffic from one segment of the network to another, manipulating network data flows in order to gain access to, or take control over, devices connected to either segment of the targeted network.
Timeline
Published on: 09/27/2022 19:15:00 UTC
Last modified on: 10/12/2022 13:15:00 UTC