CVE-2021-1424

EUVD-2021-6891

18.11.2024, 16:15

A vulnerability in the ipsecmgr process of Cisco&nbsp;ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.
This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. An attacker could exploit this vulnerability by sending specifically malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause the ipsecmgr process to restart, which would disrupt ongoing IKE negotiations and result in a temporary DoS condition.Cisco&nbsp;has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
cisco	CNA	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Early Detection

Affected products identified ahead of NVD analysis through intelligence sources.

Vendor	Product	Version	Source
cisco	asr_5000_series	21.15.7	CNA
cisco	asr_5000_series	21.13.10	CNA
cisco	asr_5000_series	21.14.1	CNA
cisco	asr_5000_series	21.11.5	CNA
cisco	asr_5000_series	21.13.8	CNA
cisco	asr_5000_series	21.14.5	CNA
cisco	asr_5000_series	21.12.8	CNA
cisco	asr_5000_series	21.13.11	CNA
cisco	asr_5000_series	21.11.8	CNA
cisco	asr_5000_series	21.12.9	CNA
cisco	asr_5000_series	21.15.5	CNA
cisco	asr_5000_series	21.11.7	CNA
cisco	asr_5000_series	21.13.5	CNA
cisco	asr_5000_series	21.12.0	CNA
cisco	asr_5000_series	21.15.2	CNA
cisco	asr_5000_series	21.11.6	CNA
cisco	asr_5000_series	21.14.2	CNA
cisco	asr_5000_series	21.12.3	CNA
cisco	asr_5000_series	21.15.0	CNA
cisco	asr_5000_series	21.11.2	CNA
cisco	asr_5000_series	21.13.7	CNA
cisco	asr_5000_series	21.12.4	CNA
cisco	asr_5000_series	21.12.12	CNA
cisco	asr_5000_series	21.13.4	CNA
cisco	asr_5000_series	21.12.5	CNA
cisco	asr_5000_series	21.14.a0	CNA
cisco	asr_5000_series	21.11.9	CNA
cisco	asr_5000_series	21.14.0	CNA
cisco	asr_5000_series	21.11.4	CNA
cisco	asr_5000_series	21.12.7	CNA
cisco	asr_5000_series	21.14.3	CNA
cisco	asr_5000_series	21.12.2	CNA
cisco	asr_5000_series	21.14.10	CNA
cisco	asr_5000_series	21.15.4	CNA
cisco	asr_5000_series	21.14.6	CNA
cisco	asr_5000_series	21.15.3	CNA
cisco	asr_5000_series	21.13.13	CNA
cisco	asr_5000_series	21.12.11	CNA
cisco	asr_5000_series	21.12.10	CNA
cisco	asr_5000_series	21.14.9	CNA
cisco	asr_5000_series	21.11.1	CNA
cisco	asr_5000_series	21.14.7	CNA
cisco	asr_5000_series	21.11.3	CNA
cisco	asr_5000_series	21.13.3	CNA
cisco	asr_5000_series	21.13.2	CNA
cisco	asr_5000_series	21.13.14	CNA
cisco	asr_5000_series	21.12.1	CNA
cisco	asr_5000_series	21.13.6	CNA
cisco	asr_5000_series	21.13.12	CNA
cisco	asr_5000_series	21.15.8	CNA
cisco	asr_5000_series	21.13.1	CNA
cisco	asr_5000_series	21.15.1	CNA
cisco	asr_5000_series	21.15.6	CNA
cisco	asr_5000_series	21.13.9	CNA
cisco	asr_5000_series	21.14.4	CNA
cisco	asr_5000_series	21.13.0	CNA
cisco	asr_5000_series	21.12.6	CNA
cisco	asr_5000_series	21.14.8	CNA
cisco	asr_5000_series	21.11.0	CNA
cisco	asr_5000_series	21.15.15	CNA
cisco	asr_5000_series	21.14.11	CNA
cisco	asr_5000_series	21.17.2	CNA
cisco	asr_5000_series	21.15.13	CNA
cisco	asr_5000_series	21.15.12	CNA
cisco	asr_5000_series	21.14.b15	CNA
cisco	asr_5000_series	21.17.0	CNA
cisco	asr_5000_series	21.15.10	CNA
cisco	asr_5000_series	21.13.16	CNA
cisco	asr_5000_series	21.14.12	CNA
cisco	asr_5000_series	21.15.20	CNA
cisco	asr_5000_series	21.11.10	CNA
cisco	asr_5000_series	21.15.18	CNA
cisco	asr_5000_series	21.15.14	CNA
cisco	asr_5000_series	21.13.15	CNA
cisco	asr_5000_series	21.15.21	CNA
cisco	asr_5000_series	21.15.17	CNA
cisco	asr_5000_series	21.17.1	CNA
cisco	asr_5000_series	21.14.b14	CNA
cisco	asr_5000_series	21.12.13	CNA
cisco	asr_5000_series	21.12.14	CNA
cisco	asr_5000_series	21.15.19	CNA
cisco	asr_5000_series	21.15.11	CNA
cisco	asr_5000_series	21.15.22	CNA
cisco	asr_5000_series	21.17.3	CNA
cisco	asr_5000_series	21.14.b13	CNA
cisco	asr_5000_series	21.15.16	CNA
cisco	asr_5000_series	21.14.b12	CNA
cisco	asr_5000_series	21.16.2	CNA
cisco	asr_5000_series	21.14.16	CNA
cisco	asr_5000_series	21.14.b17	CNA
cisco	asr_5000_series	21.15.24	CNA
cisco	asr_5000_series	21.16.c9	CNA
cisco	asr_5000_series	21.15.25	CNA
cisco	asr_5000_series	21.15.26	CNA
cisco	asr_5000_series	21.16.d0	CNA
cisco	asr_5000_series	21.17.4	CNA
cisco	asr_5000_series	21.15.27	CNA
cisco	asr_5000_series	21.13.17	CNA
cisco	asr_5000_series	21.18.0	CNA
cisco	asr_5000_series	21.15.28	CNA
cisco	asr_5000_series	21.14.17	CNA
cisco	asr_5000_series	21.16.d1	CNA
cisco	asr_5000_series	21.18.1	CNA
cisco	asr_5000_series	21.16.3	CNA
cisco	asr_5000_series	21.14.b18	CNA
cisco	asr_5000_series	21.16.c10	CNA
cisco	asr_5000_series	21.11.11	CNA
cisco	asr_5000_series	21.15.29	CNA
cisco	asr_5000_series	21.15.30	CNA
cisco	asr_5000_series	21.13.18	CNA
cisco	asr_5000_series	21.12.16	CNA
cisco	asr_5000_series	21.17.5	CNA
cisco	asr_5000_series	21.16.c11	CNA
cisco	asr_5000_series	21.15.32	CNA
cisco	asr_5000_series	21.13.19	CNA
cisco	asr_5000_series	21.15.33	CNA
cisco	asr_5000_series	21.11.12	CNA
cisco	asr_5000_series	21.19.0	CNA
cisco	asr_5000_series	21.18.2	CNA
cisco	asr_5000_series	21.14.19	CNA
cisco	asr_5000_series	21.19.1	CNA
cisco	asr_5000_series	21.17.6	CNA
cisco	asr_5000_series	21.11.13	CNA
cisco	asr_5000_series	21.12.17	CNA
cisco	asr_5000_series	21.15.36	CNA
cisco	asr_5000_series	21.18.3	CNA
cisco	asr_5000_series	21.14.b19	CNA
cisco	asr_5000_series	21.19.2	CNA
cisco	asr_5000_series	21.15.37	CNA
cisco	asr_5000_series	21.17.7	CNA
cisco	asr_5000_series	21.14.20	CNA
cisco	asr_5000_series	21.16.c12	CNA
cisco	asr_5000_series	21.18.4	CNA
cisco	asr_5000_series	21.19.3	CNA
cisco	asr_5000_series	21.13.20	CNA
cisco	asr_5000_series	21.15.40	CNA
cisco	asr_5000_series	21.14.b20	CNA
cisco	asr_5000_series	21.16.4	CNA
cisco	asr_5000_series	21.18.5	CNA
cisco	asr_5000_series	21.14.b21	CNA
cisco	asr_5000_series	21.16.c13	CNA
cisco	asr_5000_series	21.11.14	CNA
cisco	asr_5000_series	21.12.18	CNA
cisco	asr_5000_series	21.20.0	CNA
cisco	asr_5000_series	21.15.41	CNA
cisco	asr_5000_series	21.17.8	CNA
cisco	asr_5000_series	21.20.1	CNA
cisco	asr_5000_series	21.16.5	CNA
cisco	asr_5000_series	21.15.43	CNA
cisco	asr_5000_series	21.19.4	CNA
cisco	asr_5000_series	21.18.6	CNA
cisco	asr_5000_series	21.15.45	CNA
cisco	asr_5000_series	21.20.2	CNA
cisco	asr_5000_series	21.16.c14	CNA
cisco	asr_5000_series	21.17.9	CNA
cisco	asr_5000_series	21.11.15	CNA
cisco	asr_5000_series	21.14.22	CNA
cisco	asr_5000_series	21.20.3	CNA
cisco	asr_5000_series	21.15.46	CNA
cisco	asr_5000_series	21.18.7	CNA
cisco	asr_5000_series	21.19.n3	CNA
cisco	asr_5000_series	21.15.47	CNA
cisco	asr_5000_series	21.15.48	CNA
cisco	asr_5000_series	21.19.5	CNA
cisco	asr_5000_series	21.17.10	CNA
cisco	asr_5000_series	21.18.8	CNA
cisco	asr_5000_series	21.16.6	CNA
cisco	asr_5000_series	21.12.19	CNA
cisco	asr_5000_series	21.13.21	CNA
cisco	asr_5000_series	21.20.4	CNA
cisco	asr_5000_series	21.18.9	CNA
cisco	asr_5000_series	21.19.n4	CNA
cisco	asr_5000_series	21.17.11	CNA
cisco	asr_5000_series	21.18.11	CNA
cisco	asr_5000_series	21.19.6	CNA
cisco	asr_5000_series	21.16.c15	CNA
cisco	asr_5000_series	21.16.7	CNA
cisco	asr_5000_series	21.17.12	CNA
cisco	asr_5000_series	21.21.0	CNA
cisco	asr_5000_series	21.17.13	CNA
cisco	asr_5000_series	21.11.16	CNA
cisco	asr_5000_series	21.12.20	CNA
cisco	asr_5000_series	21.18.12	CNA
cisco	asr_5000_series	21.12.21	CNA
cisco	asr_5000_series	21.14.b22	CNA
cisco	asr_5000_series	21.19.7	CNA
cisco	asr_5000_series	21.20.6	CNA
cisco	asr_5000_series	21.18.13	CNA
cisco	asr_5000_series	21.19.n5	CNA
cisco	asr_5000_series	21.18.14	CNA
cisco	asr_5000_series	21.20.7	CNA
cisco	asr_5000_series	21.11.17	CNA
cisco	asr_5000_series	21.17.14	CNA
cisco	asr_5000_series	21.19.8	CNA
cisco	asr_5000_series	21.20.8	CNA
cisco	asr_5000_series	21.19.9	CNA
cisco	asr_5000_series	21.17.15	CNA
cisco	asr_5000_series	21.20.9	CNA
cisco	asr_5000_series	21.18.15	CNA
cisco	asr_5000_series	21.15.51	CNA
cisco	asr_5000_series	21.14.23	CNA
cisco	asr_5000_series	21.19.10	CNA
cisco	asr_5000_series	21.20.k6	CNA
cisco	asr_5000_series	21.11.18	CNA
cisco	asr_5000_series	21.19.n6	CNA
cisco	asr_5000_series	21.16.8	CNA
cisco	asr_5000_series	21.15.52	CNA
cisco	asr_5000_series	21.17.16	CNA
cisco	asr_5000_series	21.20.10	CNA
cisco	asr_5000_series	21.15.53	CNA
cisco	asr_5000_series	21.11.19	CNA
cisco	asr_5000_series	21.20.k7	CNA
cisco	asr_5000_series	21.15.54	CNA
cisco	asr_5000_series	21.20.11	CNA
cisco	asr_5000_series	21.20.u8	CNA
cisco	asr_5000_series	21.21.1	CNA
cisco	asr_5000_series	21.17.17	CNA
cisco	asr_5000_series	21.15.55	CNA

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-sigverbypass-gPYXd6Mk

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ipsecmgr-dos-3gkHXwvS

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrbgp-rpki-dos-gvmjqxbk