Cisco ASR 5000 StarOS ipsecmgr IKEv2 DoS Vulnerability (CVE-2021-1424)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Cisco ASR 5000 Series Software (StarOS) ipsecmgr Process Denial of Service Vulnerability - Vulnerability ID: cisco-sa-staros-ipsecmgr-dos-3gkHXwvS - CVE ID: CVE-2021-1424 - CVSS Score: 5.3 2. Affected Products: - Affected Versions: Cisco ASR 5000 Series Software (StarOS) releases earlier than Release 21.22 - Affected Configuration: Configured to negotiate IPSec connections via IKEv2 protocol 3. Vulnerability Impact: - Description: Due to insufficient validation of IKEv2 packets, a remote attacker can exploit this vulnerability by sending specially crafted malicious IKEv2 packets, causing the ipsecmgr process to restart. This results in interruption of IKE negotiation and leads to a temporary Denial of Service (DoS) condition. - Remediation: Cisco has released software updates to address this vulnerability. There are no workarounds available for this vulnerability. 4. Affected Products List: - The list of affected products can be found in the vulnerability details section. 5. Workarounds: - No workarounds are available for this vulnerability. 6. Fixed Software: - When considering software upgrades, it is recommended to regularly review Cisco product security advisories to determine exposure and identify complete upgrade solutions. 7. Affected Versions: - The list of affected versions can be found in the vulnerability details section. 8. Source: - The vulnerability was discovered during internal security testing. 9. URL: - URL to the vulnerability details page: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-staros-ipsecmgr-dos-3gkHXwvS 10. Revision History: - Version 1.0: Initial public release, status: Final, release date: March 3, 2021. This information helps in understanding the nature of the vulnerability, the affected products, remediation steps, and how to obtain further details.

Goal Reached Thanks to every supporter — we hit 100%!

Cisco ASR 5000 StarOS ipsecmgr IKEv2 DoS Vulnerability (CVE-2021-1424)