CVE-2021-1424
MEDIUMCisco ASR 5000 Series Software - Denial of Service via Malformed IKEv2 Packet
Title source: llmDescription
A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. An attacker could exploit this vulnerability by sending specifically malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause the ipsecmgr process to restart, which would disrupt ongoing IKE negotiations and result in a temporary DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
References (5)
Core 5
Core References
Various Sources
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM
Various Sources
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ
Various Sources
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-sigverbypass-gPYXd6Mk
Scores
CVSS v3
5.3
EPSS
0.0064
EPSS Percentile
70.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-119
Status
published
Products (50)
Cisco/Cisco ASR 5000 Series Software
21.11.0
Cisco/Cisco ASR 5000 Series Software
21.11.1
Cisco/Cisco ASR 5000 Series Software
21.11.10
Cisco/Cisco ASR 5000 Series Software
21.11.11
Cisco/Cisco ASR 5000 Series Software
21.11.12
Cisco/Cisco ASR 5000 Series Software
21.11.13
Cisco/Cisco ASR 5000 Series Software
21.11.14
Cisco/Cisco ASR 5000 Series Software
21.11.15
Cisco/Cisco ASR 5000 Series Software
21.11.16
Cisco/Cisco ASR 5000 Series Software
21.11.17
... and 40 more
Published
Nov 18, 2024
Tracked Since
Feb 18, 2026