VYPR
Medium severity 5.3 · NVD Advisory · Published Nov 18, 2024 · Updated Apr 15, 2026

CVE-2021-1424

Description

A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. An attacker could exploit this vulnerability by sending specifically malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause the ipsecmgr process to restart, which would disrupt ongoing IKE negotiations and result in a temporary DoS condition. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco ASR 5000 Series Software (StarOS) ipsecmgr DoS via malformed IKEv2 packets allows unauthenticated remote attackers to disrupt VPN negotiations.

Cisco ASR 5000 Series Software (StarOS) contains a vulnerability in the ipsecmgr process, which handles Internet Key Exchange Version 2 (IKEv2) negotiations. The issue stems from insufficient validation of incoming IKEv2 packets, allowing malformed packets to trigger a restart of the ipsecmgr process [2].

An unauthenticated, remote attacker can exploit this vulnerability by sending specifically crafted malformed IKEv2 packets to an affected device. No authentication is required, and the attack can be launched from the network without any prior access. The vulnerability only affects devices configured to negotiate IPsec connections over IKEv2 [2].

Successful exploitation causes the ipsecmgr process to restart, disrupting ongoing IKE negotiations and resulting in a temporary denial of service (DoS) condition. This can prevent legitimate VPN connections from being established or maintained [2].

Cisco has released software updates (StarOS Release 21.22 and later) to address this vulnerability. There are no workarounds available. Administrators should upgrade to a fixed release to mitigate the risk [2].

AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
