CVE-2021-1424

Description

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. An attacker could exploit this vulnerability by sending specifically malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause the ipsecmgr process to restart, which would disrupt ongoing IKE negotiations and result in a temporary DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

5.3 Medium

Impact Score:

1.4

Exploitability Score:

3.9

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

None

Integrity (I):

None

Availability (A):

Low

General Information

Offensive Application

Unknown

Utility Class

Unknown

Ports

Unknown

Vulnerable Versions

Cisco ASR 5000 Series Software 21.15.7

Cisco ASR 5000 Series Software 21.13.10

Cisco ASR 5000 Series Software 21.14.1

Cisco ASR 5000 Series Software 21.11.5

Cisco ASR 5000 Series Software 21.13.8

Cisco ASR 5000 Series Software 21.14.5

Cisco ASR 5000 Series Software 21.12.8

Cisco ASR 5000 Series Software 21.13.11

Cisco ASR 5000 Series Software 21.11.8

Cisco ASR 5000 Series Software 21.12.9

Cisco ASR 5000 Series Software 21.15.5

Cisco ASR 5000 Series Software 21.11.7

Cisco ASR 5000 Series Software 21.13.5

Cisco ASR 5000 Series Software 21.12.0

Cisco ASR 5000 Series Software 21.15.2

Cisco ASR 5000 Series Software 21.11.6

Cisco ASR 5000 Series Software 21.14.2

Cisco ASR 5000 Series Software 21.12.3

Cisco ASR 5000 Series Software 21.15.0

Cisco ASR 5000 Series Software 21.11.2

Cisco ASR 5000 Series Software 21.13.7

Cisco ASR 5000 Series Software 21.12.4

Cisco ASR 5000 Series Software 21.12.12

Cisco ASR 5000 Series Software 21.13.4

Cisco ASR 5000 Series Software 21.12.5

Cisco ASR 5000 Series Software 21.14.a0

Cisco ASR 5000 Series Software 21.11.9

Cisco ASR 5000 Series Software 21.14.0

Cisco ASR 5000 Series Software 21.11.4

Cisco ASR 5000 Series Software 21.12.7

Cisco ASR 5000 Series Software 21.14.3

Cisco ASR 5000 Series Software 21.12.2

Cisco ASR 5000 Series Software 21.14.10

Cisco ASR 5000 Series Software 21.15.4

Cisco ASR 5000 Series Software 21.14.6

Cisco ASR 5000 Series Software 21.15.3

Cisco ASR 5000 Series Software 21.13.13

Cisco ASR 5000 Series Software 21.12.11

Cisco ASR 5000 Series Software 21.12.10

Cisco ASR 5000 Series Software 21.14.9

Cisco ASR 5000 Series Software 21.11.1

Cisco ASR 5000 Series Software 21.14.7

Cisco ASR 5000 Series Software 21.11.3

Cisco ASR 5000 Series Software 21.13.3

Cisco ASR 5000 Series Software 21.13.2

Cisco ASR 5000 Series Software 21.13.14

Cisco ASR 5000 Series Software 21.12.1

Cisco ASR 5000 Series Software 21.13.6

Cisco ASR 5000 Series Software 21.13.12

Cisco ASR 5000 Series Software 21.15.8

Cisco ASR 5000 Series Software 21.13.1

Cisco ASR 5000 Series Software 21.15.1

Cisco ASR 5000 Series Software 21.15.6

Cisco ASR 5000 Series Software 21.13.9

Cisco ASR 5000 Series Software 21.14.4

Cisco ASR 5000 Series Software 21.13.0

Cisco ASR 5000 Series Software 21.12.6

Cisco ASR 5000 Series Software 21.14.8

Cisco ASR 5000 Series Software 21.11.0

Cisco ASR 5000 Series Software 21.15.15

Cisco ASR 5000 Series Software 21.14.11

Cisco ASR 5000 Series Software 21.17.2

Cisco ASR 5000 Series Software 21.15.13

Cisco ASR 5000 Series Software 21.15.12

Cisco ASR 5000 Series Software 21.14.b15

Cisco ASR 5000 Series Software 21.17.0

Cisco ASR 5000 Series Software 21.15.10

Cisco ASR 5000 Series Software 21.13.16

Cisco ASR 5000 Series Software 21.14.12

Cisco ASR 5000 Series Software 21.15.20

Cisco ASR 5000 Series Software 21.11.10

Cisco ASR 5000 Series Software 21.15.18

Cisco ASR 5000 Series Software 21.15.14

Cisco ASR 5000 Series Software 21.13.15

Cisco ASR 5000 Series Software 21.15.21

Cisco ASR 5000 Series Software 21.15.17

Cisco ASR 5000 Series Software 21.17.1

Cisco ASR 5000 Series Software 21.14.b14

Cisco ASR 5000 Series Software 21.12.13

Cisco ASR 5000 Series Software 21.12.14

Cisco ASR 5000 Series Software 21.15.19

Cisco ASR 5000 Series Software 21.15.11

Cisco ASR 5000 Series Software 21.15.22

Cisco ASR 5000 Series Software 21.17.3

Cisco ASR 5000 Series Software 21.14.b13

Cisco ASR 5000 Series Software 21.15.16

Cisco ASR 5000 Series Software 21.14.b12

Cisco ASR 5000 Series Software 21.16.2

Cisco ASR 5000 Series Software 21.14.16

Cisco ASR 5000 Series Software 21.14.b17

Cisco ASR 5000 Series Software 21.15.24

Cisco ASR 5000 Series Software 21.16.c9

Cisco ASR 5000 Series Software 21.15.25

Cisco ASR 5000 Series Software 21.15.26

Cisco ASR 5000 Series Software 21.16.d0

Cisco ASR 5000 Series Software 21.17.4

Cisco ASR 5000 Series Software 21.15.27

Cisco ASR 5000 Series Software 21.13.17

Cisco ASR 5000 Series Software 21.18.0

Cisco ASR 5000 Series Software 21.15.28

Cisco ASR 5000 Series Software 21.14.17

Cisco ASR 5000 Series Software 21.16.d1

Cisco ASR 5000 Series Software 21.18.1

Cisco ASR 5000 Series Software 21.16.3

Cisco ASR 5000 Series Software 21.14.b18

Cisco ASR 5000 Series Software 21.16.c10

Cisco ASR 5000 Series Software 21.11.11

Cisco ASR 5000 Series Software 21.15.29

Cisco ASR 5000 Series Software 21.15.30

Cisco ASR 5000 Series Software 21.13.18

Cisco ASR 5000 Series Software 21.12.16

Cisco ASR 5000 Series Software 21.17.5

Cisco ASR 5000 Series Software 21.16.c11

Cisco ASR 5000 Series Software 21.15.32

Cisco ASR 5000 Series Software 21.13.19

Cisco ASR 5000 Series Software 21.15.33

Cisco ASR 5000 Series Software 21.11.12

Cisco ASR 5000 Series Software 21.19.0

Cisco ASR 5000 Series Software 21.18.2

Cisco ASR 5000 Series Software 21.14.19

Cisco ASR 5000 Series Software 21.19.1

Cisco ASR 5000 Series Software 21.17.6

Cisco ASR 5000 Series Software 21.11.13

Cisco ASR 5000 Series Software 21.12.17

Cisco ASR 5000 Series Software 21.15.36

Cisco ASR 5000 Series Software 21.18.3

Cisco ASR 5000 Series Software 21.14.b19

Cisco ASR 5000 Series Software 21.19.2

Cisco ASR 5000 Series Software 21.15.37

Cisco ASR 5000 Series Software 21.17.7

Cisco ASR 5000 Series Software 21.14.20

Cisco ASR 5000 Series Software 21.16.c12

Cisco ASR 5000 Series Software 21.18.4

Cisco ASR 5000 Series Software 21.19.3

Cisco ASR 5000 Series Software 21.13.20

Cisco ASR 5000 Series Software 21.15.40

Cisco ASR 5000 Series Software 21.14.b20

Cisco ASR 5000 Series Software 21.16.4

Cisco ASR 5000 Series Software 21.18.5

Cisco ASR 5000 Series Software 21.14.b21

Cisco ASR 5000 Series Software 21.16.c13

Cisco ASR 5000 Series Software 21.11.14

Cisco ASR 5000 Series Software 21.12.18

Cisco ASR 5000 Series Software 21.20.SV1

Cisco ASR 5000 Series Software 21.20.0

Cisco ASR 5000 Series Software 21.15.41

Cisco ASR 5000 Series Software 21.20.SV2

Cisco ASR 5000 Series Software 21.17.8

Cisco ASR 5000 Series Software 21.20.1

Cisco ASR 5000 Series Software 21.20.SV3

Cisco ASR 5000 Series Software 21.16.5

Cisco ASR 5000 Series Software 21.20.SV5

Cisco ASR 5000 Series Software 21.15.43

Cisco ASR 5000 Series Software 21.19.4

Cisco ASR 5000 Series Software 21.18.6

Cisco ASR 5000 Series Software 21.15.45

Cisco ASR 5000 Series Software 21.20.2

Cisco ASR 5000 Series Software 21.16.c14

Cisco ASR 5000 Series Software 21.17.9

Cisco ASR 5000 Series Software 21.11.15

Cisco ASR 5000 Series Software 21.14.22

Cisco ASR 5000 Series Software 21.20.3

Cisco ASR 5000 Series Software 21.15.46

Cisco ASR 5000 Series Software 21.18.7

Cisco ASR 5000 Series Software 21.19.n3

Cisco ASR 5000 Series Software 21.15.47

Cisco ASR 5000 Series Software 21.15.48

Cisco ASR 5000 Series Software 21.19.5

Cisco ASR 5000 Series Software 21.17.10

Cisco ASR 5000 Series Software 21.18.8

Cisco ASR 5000 Series Software 21.16.6

Cisco ASR 5000 Series Software 21.12.19

Cisco ASR 5000 Series Software 21.13.21

Cisco ASR 5000 Series Software 21.20.4

Cisco ASR 5000 Series Software 21.18.9

Cisco ASR 5000 Series Software 21.19.n4

Cisco ASR 5000 Series Software 21.17.11

Cisco ASR 5000 Series Software 21.18.11

Cisco ASR 5000 Series Software 21.19.6

Cisco ASR 5000 Series Software 21.16.c15

Cisco ASR 5000 Series Software 21.16.7

Cisco ASR 5000 Series Software 21.17.12

Cisco ASR 5000 Series Software 21.21.0

Cisco ASR 5000 Series Software 21.17.13

Cisco ASR 5000 Series Software 21.11.16

Cisco ASR 5000 Series Software 21.12.20

Cisco ASR 5000 Series Software 21.18.12

Cisco ASR 5000 Series Software 21.12.21

Cisco ASR 5000 Series Software 21.14.b22

Cisco ASR 5000 Series Software 21.19.7

Cisco ASR 5000 Series Software 21.20.6

Cisco ASR 5000 Series Software 21.18.13

Cisco ASR 5000 Series Software 21.19.n5

Cisco ASR 5000 Series Software 21.18.14

Cisco ASR 5000 Series Software 21.20.7

Cisco ASR 5000 Series Software 21.11.17

Cisco ASR 5000 Series Software 21.17.14

Cisco ASR 5000 Series Software 21.19.8

Cisco ASR 5000 Series Software 21.20.8

Cisco ASR 5000 Series Software 21.19.9

Cisco ASR 5000 Series Software 21.17.15

Cisco ASR 5000 Series Software 21.20.9

Cisco ASR 5000 Series Software 21.18.15

Cisco ASR 5000 Series Software 21.15.51

Cisco ASR 5000 Series Software 21.14.23

Cisco ASR 5000 Series Software 21.19.10

Cisco ASR 5000 Series Software 21.20.k6

Cisco ASR 5000 Series Software 21.11.18

Cisco ASR 5000 Series Software 21.19.n6

Cisco ASR 5000 Series Software 21.16.8

Cisco ASR 5000 Series Software 21.15.52

Cisco ASR 5000 Series Software 21.17.16

Cisco ASR 5000 Series Software 21.20.10

Cisco ASR 5000 Series Software 21.15.53

Cisco ASR 5000 Series Software 21.11.19

Cisco ASR 5000 Series Software 21.20.k7

Cisco ASR 5000 Series Software 21.15.54

Cisco ASR 5000 Series Software 21.20.11

Cisco ASR 5000 Series Software 21.20.u8

Cisco ASR 5000 Series Software 21.21.1

Cisco ASR 5000 Series Software 21.17.17

Cisco ASR 5000 Series Software 21.15.55

Prerequisites

Unknown

Discovered By

Unknown

PoC Author

Unknown

Metasploit Module

Unknown

Reporter

Unknown

Vendors

Cisco

Products

Cisco ASR 5000 Series Software

References

Canonical

CVE-2021-1424 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1424)

Miscellaneous

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ipsecmgr-dos-3gkHXwvS

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-sigverbypass-gPYXd6Mk

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk

Rapid7

Unknown

Unknown

Unknown

None

None

Network

CVE-2021-1424

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Unknown

CVE-2021-1424

Unknown

Unknown

None

None

Network

CVE-2021-1424

Description

Add Assessment

CVSS V3 Severity and Metrics

General Information

Vendors

Products

References

Canonical

Miscellaneous

Additional Info

Technical Analysis

Quick Cookie Notification