
THREATINT
PUBLISHED

CVE-2021-1424

Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process Denial of Service Vulnerability



Description

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. An attacker could exploit this vulnerability by sending specifically malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause the ipsecmgr process to restart, which would disrupt ongoing IKE negotiations and result in a temporary DoS condition.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Reserved 2020-11-13 | Published 2024-11-18 | Updated 2024-11-18 | Assigner cisco


MEDIUM: 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/RL:X/RC:X/E:X

Problem types

Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Default status
unknown

21.15.7
affected

21.13.10
affected

21.14.1
affected

21.11.5
affected

21.13.8
affected

21.14.5
affected

21.12.8
affected

21.13.11
affected

21.11.8
affected

21.12.9
affected

21.15.5
affected

21.11.7
affected

21.13.5
affected

21.12.0
affected

21.15.2
affected

21.11.6
affected

21.14.2
affected

21.12.3
affected

21.15.0
affected

21.11.2
affected

21.13.7
affected

21.12.4
affected

21.12.12
affected

21.13.4
affected

21.12.5
affected

21.14.a0
affected

21.11.9
affected

21.14.0
affected

21.11.4
affected

21.12.7
affected

21.14.3
affected

21.12.2
affected

21.14.10
affected

21.15.4
affected

21.14.6
affected

21.15.3
affected

21.13.13
affected

21.12.11
affected

21.12.10
affected

21.14.9
affected

21.11.1
affected

21.14.7
affected

21.11.3
affected

21.13.3
affected

21.13.2
affected

21.13.14
affected

21.12.1
affected

21.13.6
affected

21.13.12
affected

21.15.8
affected

21.13.1
affected

21.15.1
affected

21.15.6
affected

21.13.9
affected

21.14.4
affected

21.13.0
affected

21.12.6
affected

21.14.8
affected

21.11.0
affected

21.15.15
affected

21.14.11
affected

21.17.2
affected

21.15.13
affected

21.15.12
affected

21.14.b15
affected

21.17.0
affected

21.15.10
affected

21.13.16
affected

21.14.12
affected

21.15.20
affected

21.11.10
affected

21.15.18
affected

21.15.14
affected

21.13.15
affected

21.15.21
affected

21.15.17
affected

21.17.1
affected

21.14.b14
affected

21.12.13
affected

21.12.14
affected

21.15.19
affected

21.15.11
affected

21.15.22
affected

21.17.3
affected

21.14.b13
affected

21.15.16
affected

21.14.b12
affected

21.16.2
affected

21.14.16
affected

21.14.b17
affected

21.15.24
affected

21.16.c9
affected

21.15.25
affected

21.15.26
affected

21.16.d0
affected

21.17.4
affected

21.15.27
affected

21.13.17
affected

21.18.0
affected

21.15.28
affected

21.14.17
affected

21.16.d1
affected

21.18.1
affected

21.16.3
affected

21.14.b18
affected

21.16.c10
affected

21.11.11
affected

21.15.29
affected

21.15.30
affected

21.13.18
affected

21.12.16
affected

21.17.5
affected

21.16.c11
affected

21.15.32
affected

21.13.19
affected

21.15.33
affected

21.11.12
affected

21.19.0
affected

21.18.2
affected

21.14.19
affected

21.19.1
affected

21.17.6
affected

21.11.13
affected

21.12.17
affected

21.15.36
affected

21.18.3
affected

21.14.b19
affected

21.19.2
affected

21.15.37
affected

21.17.7
affected

21.14.20
affected

21.16.c12
affected

21.18.4
affected

21.19.3
affected

21.13.20
affected

21.15.40
affected

21.14.b20
affected

21.16.4
affected

21.18.5
affected

21.14.b21
affected

21.16.c13
affected

21.11.14
affected

21.12.18
affected

21.20.SV1
affected

21.20.0
affected

21.15.41
affected

21.20.SV2
affected

21.17.8
affected

21.20.1
affected

21.20.SV3
affected

21.16.5
affected

21.20.SV5
affected

21.15.43
affected

21.19.4
affected

21.18.6
affected

21.15.45
affected

21.20.2
affected

21.16.c14
affected

21.17.9
affected

21.11.15
affected

21.14.22
affected

21.20.3
affected

21.15.46
affected

21.18.7
affected

21.19.n3
affected

21.15.47
affected

21.15.48
affected

21.19.5
affected

21.17.10
affected

21.18.8
affected

21.16.6
affected

21.12.19
affected

21.13.21
affected

21.20.4
affected

21.18.9
affected

21.19.n4
affected

21.17.11
affected

21.18.11
affected

21.19.6
affected

21.16.c15
affected

21.16.7
affected

21.17.12
affected

21.21.0
affected

21.17.13
affected

21.11.16
affected

21.12.20
affected

21.18.12
affected

21.12.21
affected

21.14.b22
affected

21.19.7
affected

21.20.6
affected

21.18.13
affected

21.19.n5
affected

21.18.14
affected

21.20.7
affected

21.11.17
affected

21.17.14
affected

21.19.8
affected

21.20.8
affected

21.19.9
affected

21.17.15
affected

21.20.9
affected

21.18.15
affected

21.15.51
affected

21.14.23
affected

21.19.10
affected

21.20.k6
affected

21.11.18
affected

21.19.n6
affected

21.16.8
affected

21.15.52
affected

21.17.16
affected

21.20.10
affected

21.15.53
affected

21.11.19
affected

21.20.k7
affected

21.15.54
affected

21.20.11
affected

21.20.u8
affected

21.21.1
affected

21.17.17
affected

21.15.55
affected

References

sec.cloudapps.cisco.com/...o-sa-staros-ipsecmgr-dos-3gkHXwvS (cisco-sa-staros-ipsecmgr-dos-3gkHXwvS)

sec.cloudapps.cisco.com/...isco-sa-asaftd-xss-webui-gQLSFyPM (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM). This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see Cisco Event Response: October 2021 Cisco ASA, FMC, and FTD Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74773).

sec.cloudapps.cisco.com/...co-sa-sdwan-sigverbypass-gPYXd6Mk

sec.cloudapps.cisco.com/...o-sa-esa-sma-info-disclo-VOu2GHbZ

sec.cloudapps.cisco.com/.../cisco-sa-xrbgp-rpki-dos-gvmjqxbk (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk). This advisory is part of the September 2021 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2021 Cisco IOS XR Software Security Advisory Bundled Publication (https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-74637).

cve.org (CVE-2021-1424)

nvd.nist.gov (CVE-2021-1424)
