CVE-2021-1424

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Nov 18, 2024
Updated: Nov 21, 2024
CWE ID 119

Summary

CVE-2021-1424 is a recently discovered vulnerability affecting the ipsecmgr process in Cisco ASR 5000 Series Software (StarOS). An unauthenticated, remote attacker can exploit this issue by sending malformed IKEv2 packets to an affected device, resulting in a denial of service (DoS) condition. This vulnerability arises from insufficient validation of incoming IKEv2 packets. Upon successful exploitation, the ipsecmgr process restarts, leading to disrupted IKE negotiations and a temporary DoS situation. To mitigate this risk, Cisco has released software updates. No known workarounds are currently available.
