Cisco ASR 5000 Series Software Vulnerability Could Lead to Denial of Service
CVE-2021-1424

5.3 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 18 November 2024

Summary

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software could allow an unauthenticated, remote attacker to cause a denial of service condition. The issue arises from inadequate validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. By sending specially crafted IKEv2 packets to a vulnerable device, an attacker can cause the ipsecmgr process to restart, which interrupts ongoing IKE negotiations and temporarily disrupts service. Cisco has released software updates to mitigate this issue. Currently, there are no workarounds available to address this vulnerability.

Affected Version(s)

Cisco ASR 5000 Series Software 21.15.7

Cisco ASR 5000 Series Software 21.13.10

Cisco ASR 5000 Series Software 21.14.1

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
