CVE-2021-1620
HIGHCisco IOS - Denial of Service via IKEv2 AutoReconnect IP Address Exhaustion
Title source: llmDescription
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) support for the AutoReconnect feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to exhaust the free IP addresses from the assigned local pool. This vulnerability occurs because the code does not release the allocated IP address under certain failure conditions. An attacker could exploit this vulnerability by trying to connect to the device with a non-AnyConnect client. A successful exploit could allow the attacker to exhaust the IP addresses from the assigned local pool, which prevents users from logging in and leads to a denial of service (DoS) condition.
References (1)
Core 1
Core References
Patch, Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ikev2-ebFrwMPr
Scores
CVSS v3
7.7
EPSS
0.0103
EPSS Percentile
59.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-772
CWE-563
Status
published
Products (50)
cisco/ios
12.2\(6\)i1
cisco/ios
15.1\(3\)svr1
cisco/ios
15.1\(3\)svr2
cisco/ios
15.1\(3\)svr3
cisco/ios
15.1\(3\)svs
cisco/ios
15.1\(3\)svs1
cisco/ios
15.1\(3\)svt1
cisco/ios
15.1\(3\)svt2
cisco/ios
15.1\(3\)svu1
cisco/ios
15.2\(1\)sy2
... and 40 more
Published
Sep 23, 2021
Tracked Since
Feb 18, 2026